Hi,
I guess there is a bug in apps/crl.c.
When using the "noout" option, the CRL application
ends with a return code unequal to zero, which apps/openssl.c
reports as an error, though apps/crl.c works fine.
The bug affects for sure 0.9.7c and 0.9.7d.
Details are in the attached email.
regards
Michael
--
Dipl.-Inform. Michael Konietzka Schlund + Partner AG
- Development UNIX - Brauerstraße 48
Webservices D-76135 Karlsruhe
http://www.schlund.de/ Germany
--- Begin Message ---
Ives Steglich wrote:
i have the following problem:
if i call:
> openssl crl ... it works
if i call:
> openssl <enter> to enter the openssl shell and then
openssl> call the crl conversion command
i get an error... see attached example:
(the crl lines are exactly the same)
so maybe someone has a hint for me
used versions: 0.9.7d and b
[EMAIL PROTECTED] 006 $ openssl crl -out
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_cnv-2.tmp -in
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_data.tmp -text -noout
-inform PEM
[EMAIL PROTECTED] 006 $
[EMAIL PROTECTED] 006 $ openssl
OpenSSL> crl -out
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_cnv-2.tmp -in
/usr/pki/operating/006/ca/OpenCA/var/tmp/28466_data.tmp -text -noout
-inform PEM
error in crl
OpenSSL> q
[EMAIL PROTECTED] 006 $
therefore - the conversion itself is still working - so in the out
file there is the txt version of the crl, in both cases, if i call the
first or the second version - but the error is nasty - since this is
inside a scripting environment and the error check says - hey there is
an error - but is there an error?
Hm,
when not passing the "-noout" option to the CRL command there
is no error reported. Let's have a look at the CRL command.
In apps/crl.c
I found
	if (text) X509_CRL_print(out, x);
	if (noout) goto end;
	if (outformat == FORMAT_ASN1)
		i=(int)i2d_X509_CRL_bio(out,x);
	else if (outformat == FORMAT_PEM)
		i=PEM_write_bio_X509_CRL(out,x);
	else
		{
		BIO_printf(bio_err,"bad output format specified for outfile\n");
		goto end;
		}
	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
	ret=0;
end:
	BIO_free_all(out);
	BIO_free_all(bio_out);
	bio_out=NULL;
	X509_CRL_free(x);
	if(store) {
		X509_STORE_CTX_cleanup(&ctx);
		X509_STORE_free(store);
	}
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}
So if the "noout" option is set, then the program execution will
jump to label "end" after output of the text format but without setting
ret=0; so apps/openssl.c reports an error because of a return code != 0
of the CRL command.
So change the line
	if (noout) goto end;
to
	if (noout) {ret=0;goto end;}
I am talking about openssl-0.9.7c and tested it.
HTH & regards
Michael
--
Dipl.-Inform. Michael Konietzka Schlund + Partner AG
- Development UNIX - Brauerstraße 48
Webservices D-76135 Karlsruhe
http://www.schlund.de/ Germany
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--- End Message ---
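
A stand-alone C model of the control flow discussed in this thread, added here as an illustration; it is not code from the mail or from OpenSSL. The names crl_flow, struct crl_result, the fix_noout switch and the FORMAT_* values are constructed for the example, and the OpenSSL calls are replaced by flags so the return code of each path can be checked.

```c
#include <stdio.h>

enum { FORMAT_ASN1 = 1, FORMAT_PEM = 3 };  /* constructed values for this model */

struct crl_result {
    int ret;           /* what the command hands back to its caller */
    int text_printed;  /* -text output was produced */
    int crl_written;   /* encoded CRL was produced */
};

/* fix_noout = 0 models the flow quoted from apps/crl.c,
 * fix_noout = 1 models it with the one-line change from the mail. */
static struct crl_result crl_flow(int text, int noout, int outformat, int fix_noout)
{
    struct crl_result r = { 1, 0, 0 };   /* ret starts out as failure */
    int i = 0;

    if (text) r.text_printed = 1;        /* stands in for X509_CRL_print() */
    if (noout) {
        if (fix_noout) r.ret = 0;        /* success: nothing else was requested */
        goto end;
    }
    if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM)
        i = 1;                           /* stands in for the i2d/PEM writers */
    else {
        fprintf(stderr, "bad output format specified for outfile\n");
        goto end;
    }
    if (!i) { fprintf(stderr, "unable to write CRL\n"); goto end; }
    r.crl_written = 1;
    r.ret = 0;
end:
    return r;                            /* crl.c frees its resources here */
}

int main(void)
{
    struct crl_result before = crl_flow(1, 1, FORMAT_PEM, 0);
    struct crl_result after  = crl_flow(1, 1, FORMAT_PEM, 1);

    printf("-text -noout, as quoted: ret=%d text=%d\n", before.ret, before.text_printed);
    printf("-text -noout, with fix:  ret=%d text=%d\n", after.ret, after.text_printed);
    return 0;
}
```

With a failure default for ret, every early `goto end` that represents success has to set the return code itself, which is why a script checking the result sees an error even though the text output was written.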