Hi, We are using the OpenSSL CA application, and are experiencing regular corruptions of the index.txt file. (Happening about once per month, statistically it seemed to be every ~1200 certificates)
http://bugs.cacert.org/view.php?id=202 The problem is that there missing characteres the the beginning of the last line, which are corrupting the fileformat. I tried to analyze the problem a couple of times, but I didn´t succeed to track down the problem due to the complexity of OpenSSL´s internal code. I have now developed a patch against the ca.c file: http://bugs.cacert.org/file_download.php?file_id=22&type=bug which adds a -directupdate option, that directly appends new certificate lines to the index.txt instead of rewriting the whole index.txt file each time. I hope that this could solve our problem with the corrupted index.txt files. Another advantage of the patch is a huge speedup, since it doesn´t need to load and save the whole index.txt every time. (>100,000 certificates in it ...) I guess that the quality of the patch isn´t good enough for OpenSSL yet, but I hope that something similar could go into OpenSSL, to improve the CA, and hopefully fix the corruption problem. Best regards, Philipp Gühring ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
