Hi,

On Mon, Mar 31, 2014 at 9:42 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:
> On 30/03/14 15:46, Gert Doering wrote:
>
>> Hi,
>>
>> On Sun, Mar 30, 2014 at 12:48:37AM +0100, Steffan Karger wrote:
>>
>>> 3 - Change OpenSSL builds to use hex representation
>>>
>> I tend toward this one - user visible behaviour shouldn't change (unless
>> unavoidable) depending on SSL library used.
>>
>> So for me this boils down to "how many users are relying on the current
>> behaviour, which is not what the docs say it should be"?
>>
>>
>> I've posted a script to verify CRLs
> http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/verify-crls.sh
> which relies on the XX:XX:XX format ... I could change that, of course,
> but I am not sure how many people are actually using that script.
> Printing the serial in hex format would make it more difficult to do a CRL
> check, however, as the openssl tools by default use the XX:XX:XX format.
>

If I try 'openssl crl -noout -text -in some.crl', the serial output reads as XX:XX:XX, but is in hex, not decimal form. That makes me believe this script was broken by the hex -> decimal change (and thus probably isn't used very much in combination with openvpn 2.2 or 2.3).

So this, too, votes for 'make OpenSSL builds use hex again'.

-Steffan
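
The representation mismatch discussed in this thread, as an added example (not part of the original messages, and not code from OpenVPN or from the cookbook script): a CRL check that compares serials as integers, with the caller declaring whether the value it holds is decimal or hex. The CRL text, the serial values and the function names are constructed for illustration.

```python
import re

# Constructed sample modeled on a text dump of a CRL; the serials are made up.
# Hex serials are accepted both plain and colon-separated (XX:XX:XX).
SAMPLE_CRL_TEXT = """\
Revoked Certificates:
    Serial Number: 0A
        Revocation Date: Mar  1 12:00:00 2014 GMT
    Serial Number: 1000
        Revocation Date: Mar 15 12:00:00 2014 GMT
    Serial Number: 8F:3A:21:C4:D5:E6:F7:08:12
        Revocation Date: Mar 20 12:00:00 2014 GMT
"""

def revoked_serials(crl_text):
    """Return the revoked serials from the CRL text dump as a set of ints."""
    found = re.findall(r"Serial Number:\s*([0-9A-Fa-f:]+)", crl_text)
    return {int(s.replace(":", ""), 16) for s in found}

def parse_serial(value, fmt):
    """Parse a serial whose representation is declared by the caller.

    fmt is "hex" (plain or XX:XX:XX) or "dec". Guessing is unsafe: a string
    such as "10" is valid in both and names two different certificates.
    """
    value = value.strip()
    if fmt == "hex":
        digits = value.replace(":", "")
        if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
            raise ValueError("not a hex serial: %r" % value)
        return int(digits, 16)
    if fmt == "dec":
        if not re.fullmatch(r"[0-9]+", value):
            raise ValueError("not a decimal serial: %r" % value)
        return int(value, 10)
    raise ValueError("unknown serial format: %r" % fmt)

def is_revoked(value, fmt, crl_text=SAMPLE_CRL_TEXT):
    """True if the serial, read in the declared format, is listed in the CRL."""
    return parse_serial(value, fmt) in revoked_serials(crl_text)
```

A check that reads a decimal serial as hex (or the reverse) fails open: `is_revoked("1000", "dec")` is false here even though the certificate with hex serial 1000 is revoked.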