I have a couple patches to ca.c that I'd like to contribute back:
added a "serial_name" function that's called to generate the
serialnumber.pem
string. Use this to insert an actual filename in the index.txt file, as well
as in
the two other places (certify and revoke) where a serial number is
referenced.
added a "-notext" option for omitting the interpreted text of a generated
cert.
added a "-mins arg" option for specifying expiration in minutes from now.
added a "-nodb" option to omit recording the cert in the database.
(the above two options are used together for generating shortlived certs,
which we
use much like Kerberos tickets.)
added a "-find DN" option for printing the pathname of the cert matching
the
given DN. (which relies on an actual valid filename living in index.txt....)
On a separate note, we developed a generic "make all-shared" target in the
0.9.4
configure/makefile setup, with support for Solaris and AIX. I see that some
rudimentary
shared library support is now present in 0.9.6, but it's not very generic
yet. Anyone
else still working on streamlining this? What's the story on converting the
autoconf/
automake and such? How about using libtool for the build process?
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
