Hi everybody!
I recently sent out a new set of patches for the OpenSSL 0.9.4
I think can be useful if you use it to build/manage a CA.
Them are available at <ftp://ftp.openca.org/pub/patches/openssl>.
The most recent patch enables OpenSSL to manage any number of
certificates (at least I am working fine with n>10.000).
The other patches have been submitted to the list but not
included since 0.9.3.
Please report any problems.
Following is a brief description:
* openssl ca
- extensions [ exts_section ]: adds the ability to
use extensions specified in a specific section (so
to specify for example extensions for server_cert
or obj_sign_cert, etc ... ) overriding defaults;
- updatedb: update the index.txt and mark as Expired
expired certs;
- status serial: returns the status of the certificate
given the serial number (and the revokation date if
it has been revoked);
* openssl/crypto/config/config.c
- fix the variable reading: if you use the $ENV::VARIBLE
for example to set the nsServerName and you do not want
to set the $VARIABLE in your env (because it is necessary
only when used) without this patch you should set it or
you get an error (either if it is not used). This patch
fix this behaviour;
Enjoy the patches.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
openssl-0.9.4-patches-02.tar.gz
S/MIME Cryptographic Signature
