On Thu, 05 Oct 2000, Dr S N Henson wrote:
> There may be an expired certificate in the directory which wouldn't have
> been noticed before....
>
> OpenSSL 0.9.6 has the ability to search for multiple certificates
> matching given criteria and one of these may be an expired certificate
> as a result.
>
> A possible indication of this is the presence of some links in the
> directory of the form <some hex stuff>.n where n > 1.
>
> Previous versions would just generate links of the form *.0 and the
> latest link would overwrite the previous one.
>
> So I suggest you look for links of the form *.1 *.2 etc in your certs
> directory. Then if you find X.1 look at what X.0 points to and it may
> well be expired.
>
> If this is the cause then its just pure luck that the unexpired
> certificate was the last one in the directory previously, otherwise this
> would have been apparent before.
>
> If you aren't using a directory then its possible that the file
> containing several certificates also has some that have expired.
>
> I suppose in future we should weed out expired certificates from the
> search earlier on.
Bingo... There is an expired file in there. I guess it really should get
moved to the expired/ directory :)
Thanks!
--
George Staikos
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
