Hi,

If I want the 'ca' application to move the e-mail address from the distinguished name 
of a certificate request to the subject alternative name (using 
'subjectAltName=email:move' in the config file) of the new certificate, the 'ca' 
application still puts the DN from the request into its database (index.txt). This 
results in a problem when I want to revoke the certificate later on, because the DN in 
the database and in the certificate do not match.

A fix is included below against openssl-0.9.7-beta3.

Best Regards,
Zoltan

*** openssl-0.9.7-beta3/apps/ca.c       Thu Jul 18 11:19:05 2002
--- openssl-0.9.7-beta3.own/apps/ca.c   Wed Jul 31 10:10:40 2002
***************
*** 2089,2097 ****
                        }
                }
  
-       row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
        row[DB_serial]=BN_bn2hex(serial);
!       if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;
--- 2089,2096 ----
                        }
                }
  
        row[DB_serial]=BN_bn2hex(serial);
!       if ((row[DB_serial] == NULL))
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;
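Review bot: With the `row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);` assignment dropped here, row[DB_name] stays unset until the second hunk fills it in near line 2304. Please confirm that nothing between these two points reads row[DB_name] (for example a lookup of the subject in the database); if something does, the name has to be computed before that use rather than after. As a minor style point, the new condition `if ((row[DB_serial] == NULL))` carries a redundant pair of parentheses.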
***************
*** 2304,2313 ****
  
        /* row[DB_serial] done already */
        row[DB_file]=(char *)OPENSSL_malloc(8);
!       /* row[DB_name] done already */
  
        if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
!               (row[DB_file] == NULL))
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;
--- 2303,2312 ----
  
        /* row[DB_serial] done already */
        row[DB_file]=(char *)OPENSSL_malloc(8);
!       row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
  
        if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
!               (row[DB_file] == NULL) || (row[DB_name] == NULL))
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;
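Review bot: The new `row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);` line replaces the "done already" comment without saying why the name now comes from the issued certificate rather than from the request. A short comment stating that the subject of `ret` can differ from the request DN (for instance after 'subjectAltName=email:move') and that index.txt must match the certificate for later revocation would keep a future edit from moving the assignment back. It is also worth confirming that `ret` has its final subject set by this point, since the database entry is now derived from it.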
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
