On Mon, Sep 02, 2002, Olaf Zaplinski via RT wrote:

> 
> Stephen Henson via RT wrote:
> > [[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
> > 
> > 
> >> I found the solution: I just commented out the lines 675-676 in
> >> apps/ca.c - now everything works as expected.
> >>
> > 
> > 
> > Since this just disables the check it isn't a good idea.
> 
> It is not disabled - some other check then tells me what went wrong when I 
> force an error by editing the serial file. This error message (which I don't 
> remember) was far better than that simple 'bad serial number length' which 
> does not mean more than 'ouch' to me. ;-)
> 

It's checking for errors in index.txt, not serial.

> > The error message suggested that index.txt has somehow had an invalid
> > serial number written to it. What do your index.txt and your serial
> > file look like when you get this message?
> 
> This is what I did after 'make install':
> 
> cd /usr/local/ssl
> mkdir rootCA
> [edited openssl.cnf and adjusted the paths accordingly]
> cd rootCA
> touch index.txt
> [edited serial and inserted one line containing '00']
> 
> So index.txt was a zero byte file, serial contains '00'.
> 
> Then I created the CA and the 1st server cert w/o problems. The 2nd cert 
> signing fails then.
> 

Yes, but what do index.txt and serial contain after the error? Can you send
them to me, not just a description because it may be one stray character
that is confusing 'ca'.

> BTW, it would be great if 'make install' would setup the demoCA directory 
> with proper index.txt and serial (AFAIK this was the case for older versions).
> 

The command CA.pl -newca does that. Can you check if a demoCA created with
CA.pl -newca also produces this error?

Steve.
--
Dr. Stephen Henson      [EMAIL PROTECTED]            
OpenSSL Project         http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
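
A small checker for the kind of stray character in index.txt that the reply above asks about, added here as an example; it is not code from OpenSSL or from anyone in the thread. It assumes index.txt holds six tab-separated fields per line with the hex serial in the fourth field, and it treats an odd-length or non-hex serial as invalid; the sample data is constructed.

```python
HEX_DIGITS = "0123456789abcdefABCDEF"
SERIAL_FIELD = 3   # assumed layout: status, expiry, revoked, serial, file, subject


def check_serial(value):
    """Return a list of problems found in one hex serial string."""
    problems = []
    digits = value[1:] if value.startswith("-") else value
    if len(digits) < 2 or len(digits) % 2:
        problems.append("bad length %d" % len(digits))
    stray = [repr(c) for c in digits if c not in HEX_DIGITS]
    if stray:
        problems.append("non-hex characters: " + ", ".join(stray))
    return problems


def check_index(data):
    """Check index.txt content (bytes); return (line_no, message) tuples."""
    findings = []
    for no, raw in enumerate(data.split(b"\n"), 1):
        if not raw:
            continue                      # a zero-byte file or trailing newline
        fields = raw.decode("latin-1").split("\t")
        if len(fields) != 6:
            findings.append((no, "expected 6 fields, got %d" % len(fields)))
            continue
        for msg in check_serial(fields[SERIAL_FIELD]):
            findings.append((no, msg))
    return findings


# Constructed sample data, not taken from the thread: line 2 has an
# odd-length serial, line 3 has a stray carriage return in the serial field.
SAMPLE_INDEX = (
    b"V\t030902120000Z\t\t00\tunknown\t/CN=server1\n"
    b"V\t030902120000Z\t\t1\tunknown\t/CN=server2\n"
    b"V\t030902120000Z\t\t02\r\tunknown\t/CN=server3\n"
)

if __name__ == "__main__":
    for line_no, message in check_index(SAMPLE_INDEX):
        print("index.txt line %d: %s" % (line_no, message))
```

Reading the file in binary mode and passing the bytes to `check_index` keeps invisible characters visible in the report, since each offending character is printed with `repr`.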
