Rich Salz wrote:
>
> > > Suggestions? Is there any interest in such changes at all?
>
> I think the CA program is "proof of concept" and not up to the quality
> of the rest of openssl. Any improvement here would be good.

Yes, ca.c is an example of how to write a CA and not a very good one at that. It was never intended to be used as a production CA but that hasn't stopped people using it for precisely that.

IMHO a better solution would be to write a friendly scripting language version (possibly with a GUI interface) which would act as a front end to x509, req et al.

There are only a couple of facilities which ca provides which the others can't (at present) do: CRL generation and SPKAC certification. Though it's possible to generate a CRL in a scripting language by generating a pseudo text index file and pointing ca at it.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
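The pseudo index file approach mentioned in the message above, sketched as an added example (not code from the message or from the OpenSSL project). It writes records in the tab-separated text database layout that `openssl ca` reads; the function names, sample serials and subject names are constructed for illustration.

```python
from datetime import datetime, timezone

# Reason names accepted after the revocation time in an index record.
REASONS = {"unspecified", "keyCompromise", "CACompromise", "affiliationChanged",
           "superseded", "cessationOfOperation", "certificateHold", "removeFromCRL"}

def _ts(dt):
    """Timestamps in the index file are UTCTime strings: YYMMDDHHMMSSZ."""
    return dt.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ")

def index_line(serial, subject, not_after, revoked_at=None, reason=None):
    """Build one record: status, expiry, revocation, serial, file, subject."""
    if serial < 0:
        raise ValueError("serial must be non-negative")
    if any(c in subject for c in "\t\r\n"):
        raise ValueError("subject would break the tab-separated record")
    if reason is not None and reason not in REASONS:
        raise ValueError("unknown revocation reason: %r" % reason)
    hex_serial = format(serial, "X")
    if len(hex_serial) % 2:              # pad to whole bytes, e.g. 1 -> "01"
        hex_serial = "0" + hex_serial
    if revoked_at is None:
        status, revocation = "V", ""     # valid: revocation field stays empty
    else:
        status = "R"
        revocation = _ts(revoked_at) + ("," + reason if reason else "")
    return "\t".join([status, _ts(not_after), revocation,
                      hex_serial, "unknown", subject])

def build_index(records):
    """Render all records as the text of a pseudo index file."""
    return "".join(index_line(**r) + "\n" for r in records)

def gencrl_command(config, out):
    """argv for the CRL step. Assumes `config` is a CA section whose
    `database` setting points at the generated file."""
    return ["openssl", "ca", "-gencrl", "-config", config, "-out", out]

# Constructed sample data, not taken from any real CA.
EXPIRY = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"serial": 0x1000, "subject": "/CN=revoked.example.test", "not_after": EXPIRY,
     "revoked_at": datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc),
     "reason": "keyCompromise"},
    {"serial": 1, "subject": "/CN=valid.example.test", "not_after": EXPIRY},
]

if __name__ == "__main__":
    print(build_index(SAMPLE), end="")
```

Only records with status `R` end up in the CRL, so a front end that tracks revocations elsewhere needs to emit just those.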
