Fitzsimons, Nick wrote:
> Hello All,
> Does anyone know where there is a definition of the format of the contents of the index.txt file used with the ocsp and ca commands? (This file contains info on the revocation status of certificates.)
> Thanks, Nick

First of all, the format of index.txt is undocumented. Probably because it might change sometime. Or it was a fast hack to get the demo application running. Or something like that.
Having said this, it currently (openssl 0.9.8b) is a text database where a tab separates the columns and newline separates the rows.
The columns are defined as

#define DB_type         0 /* Status of the certificate */
#define DB_exp_date     1 /* Expiry date */
#define DB_rev_date     2 /* Revocation date */
#define DB_serial       3 /* Serial No., index - unique */
#define DB_file         4
#define DB_name         5 /* DN, index - unique when active and not disabled */

DB_type is defined as

#define DB_TYPE_REV     'R' /* Revoked */
#define DB_TYPE_EXP     'E' /* Expired */
#define DB_TYPE_VAL     'V' /* Valid */

'E' is currently not used by "openssl ca", I guess because it is redundant to DB_exp_date. So expired certificates still have status 'V'.

DB_file currently is always 'unknown' and not used by "openssl ca". I guess the original idea was to store the filename of the generated certificate file here.

The dates are in ASN1_UTCTIME-format.

Hope it helps.

Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
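A parser for the six-column layout described in the reply above, as an added example that is not part of the original message and not OpenSSL's own code. It derives expiry from the date column because expired rows keep status 'V'. Assumptions: the sample rows are constructed, the two-digit year pivot follows RFC 5280, and a ",reason" suffix in the revocation column is tolerated although the post does not mention it.

```python
from datetime import datetime, timezone
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    status: str  # DB_type as stored: 'V', 'R' or 'E'
    expires: datetime
    revoked: Optional[datetime]
    serial: str
    file: str
    name: str

def parse_utctime(value: str) -> datetime:
    """Parse ASN.1 UTCTime 'YYMMDDHHMMSSZ'; YY >= 50 means 19YY (RFC 5280 pivot)."""
    if len(value) != 13 or not value.endswith("Z") or not value[:12].isdigit():
        raise ValueError(f"not a UTCTime value: {value!r}")
    yy, *rest = (int(value[i:i + 2]) for i in range(0, 12, 2))
    return datetime((1900 if yy >= 50 else 2000) + yy, *rest, tzinfo=timezone.utc)

def parse_index(text: str) -> list:
    """Split index.txt text into Entry rows: tab-separated columns, one row per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) != 6 or cols[0] not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: malformed row")
        status, exp, rev, serial, file, name = cols
        # Assumption beyond the post: the revocation column may carry ",reason" after the time.
        revoked = parse_utctime(rev.split(",")[0]) if rev else None
        entries.append(Entry(status, parse_utctime(exp), revoked, serial, file, name))
    return entries

def effective_status(entry: Entry, now: datetime) -> str:
    """Expired rows keep 'V' in the file, so expiry is derived from the date column."""
    if entry.status == "R":
        return "revoked"
    return "expired" if entry.status == "E" or entry.expires <= now else "valid"

# Constructed sample rows (not from a real CA database).
SAMPLE = (
    "V\t300101000000Z\t\t01\tunknown\t/CN=alpha.example\n"
    "V\t200101000000Z\t\t02\tunknown\t/CN=beta.example\n"
    "R\t300101000000Z\t240601120000Z,keyCompromise\t03\tunknown\t/CN=gamma.example\n"
)

if __name__ == "__main__":
    for e in parse_index(SAMPLE):
        print(e.serial, e.name, effective_status(e, datetime.now(timezone.utc)))
```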