flow errors. But
as this is a production server I need to sign the CRRs
It does seem like it is a problem paresing the signature.
Any other ideas ?
Chris...
Chris Covell wrote:
Many thanks for your comments guys,
Looking into it i am seeing the errors when approving CRRs, singing them
with
any problem, it appears after
approving CSRs.
As you say so, it appears for very low serial numbers,
so I guess this could be a bug in perl libraries.
Regards,
Johnny
--- Chris Covell <[EMAIL PROTECTED]> escribiĆ³:
Guys,
Openca 0.9.2.2
Openssl 0.9.7
Have any of you ever seen this in the
Guys,
Openca 0.9.2.2
Openssl 0.9.7
Have any of you ever seen this in the stderr.log ?
Integer overflow in hexadecimal number at
/usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392.
The last certificate issued was serial 5368 (0x14F8)
The last certificate revoked was serial 3366 (0xD
Hello Guys, sorry I have not been around for a while, but I was on
holiday and am having some ongoing personal problems.
Anyway, I am getting back to looking at the CVS head and in particular
the shell client interface. My question today is... I have found the
"openca-shell-client" and shall e
Many thanks Michael.
Michael Bell wrote:
Hi Chris,
the import works no too. I was a bit lazy now and make recursive *
commit. I hope that all files are now available.
Chris...
---
SF.Net email is sponsored by: Discover Easy Linux Migratio
Michael,
The file is in the CVS. Did you use the developer CVS and -P option for
checkout or -dP for update?
I am pretty sure that I am doing it correctly. i am using:
export CVS_RSH=ssh
export [EMAIL PROTECTED]:/cvsroot/openca
cvs checkout -r HEAD openca-0.9 (which implies -P as I understand)
Oliver,
* creating a new module in cvs
* moving the contributed docs to this new module
* moving the guide to the new module
* including all docs on the website
I fully support this idea.
Chris...
---
SF.Net email is sponsored by: Discover
Roberto.
I'd like to link OpenCA with another aplication.
We've got software which is loggin responsible. I was thinking It
could use OpenCA to identify users and then it would give permission to
them.
Our software could be in another machine, and it could send request
and receive
Martin,
yes, you will have to start the OpenCA daemon via openca_start. The
CLI client then binds to the socket and communicates with the server.
(Have a look at the test.pl script which automatically configures,
compiles and installs the OpenCA system, starts the daemon and
runs some non-interacti
Martin,
uh, sorry, I should have read your message a bit more thoroughly AND given
it second thought! :-)
no problem ;-)
OpenCA CVS head does NOT have a working frontend yet, the one included
does not work at all, hence the 'unblessed reference' which is Perl's
way of telling you that the object (U
Martin,
71set_language ($self->{api}->get_required ('DEFAULT_LANGUAGE'));
looks like you have to add the DEFAULT_LANGUAGE setting to your
etc/servers/*.conf files.
Yeah, I have made sure I have these in both the tamplate and conf files
in servers.
In config.xml make sure that
default_lang
What about the Crystoconfig file Bahaa talked about ?
Jakub MusiaĆ
ek wrote:
Rechlo :)
this looks right to me !
Have you got the "multitoken2" program in the SafeNet distribution to test
the client/token ? I use the Luna SA and test it with:
./multitoken2 rsasign 1024 1
Multitoken is not a part of
Have you generated a new key pair like I sugested ? And stored the
result as "server.key" ? The error looks to me like the file is not in
the correct format for the LunaCA3 plug in to recognise it. Which seems
strange if you used the cautil utility to generate the key pair.
Chris...
Jakub Musia
Oliver,
After some subsequent tries with everytime the same error as before the
fix I saw that one process was still running with the old config...
I dont know why the "stop" scritp does not take down the process, but I
recommend a simple change: a grep inside the start-script shpuld check
if t
Michael,
Michael Bell wrote:
Tagged (openca_0_9_2_2). Please verify.
just to let you know that I have checked out the fresh 0_9_2_2 tag and
installed it in my test environment. It seems to work fine against the
LunaSA I have available so that is good news. I tested right from the
start, i.e. roo
I say tag away !
Michael Bell wrote:
Chris Covell wrote:
Guys, when is openca-0.9.2.2 being tagged on CVS ?
Cool question, if there are no problems at all then I can tag it on
monday. So deadline for changes or showstopper notices is monday 9.00 UTC.
Michael
Guys, when is openca-0.9.2.2 being tagged on CVS ?
Chris...
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start readi
Guys,
but maybe it may be time to release a 0.9.2.2 when we put the improved
scep-interface also in the cvs version and do some checking if it works
properly, but so far this seemes to be the case
so what do the other developers think about?
for purely selfish reasons, i would like to see a 0.9.2
Jonny,
surely your Java client has a cookie management facility buit in ? I
have used perl to do the sort of things you are talking about (make a
connection to an http interface with cookies) and I use a perl module
that understands session management and cookies. Surely you do not have
to do J
Michael,
during the rewrite some people wrote me statements that they would like
to see role based menus. I would prefer this too instead of our old menu
handling. The different interfaces costs a lot of work. What do you
think about this change?
I think this is a good idea. i like the idea that
Hello,
Bahaaldin Al-amood wrote:
I am currently working on the LunaCA3 module, I keep running into this
OpenCA::OpenSSL module but I can not see where this module is located on
the file system; here is the output of ls in the modules directory
is this it ?
../modules/perl5/i386-linux-thread-multi/O
Guys,
I have been looking at the LunaCA3 module with OpenCA 0.9.2.1. Bahaa is
also trying to get this working withh 0.9.2.1 but I thought two heads
and all that.
Anyway, i have fixed a few bugs in the code, so that now when I run:
# ./openca_start
it does not fail with syntax errors.
Now it just
to install using earlier versions of perl ?
Chris...
Chris Covell wrote:
Guys,
sorry for cross posting this to Devel too, but I have had to do some
code changes
In order to get the OpenCA server started on this RedHat Enterprise 2.1
server with Perl 5.6.1 I have had to edit "OpenCA/DBI.p
utf-8'' at line 1 at ../OpenCA/DBI.pm line 2587."
Am I fighting a loosing battle here because of the Perl version I am
using ? Or is this an error people have seen before ?
Chris...
Chris Covell wrote:
OK, so I have piinned in down a bit.
When you use a DBI the fnction initDBI
Guys,
Try www.openca.info :)
yes this works well. I remember reading about www.openca.info now...
Chris...
---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and
Guys,
please can you let me have the URL of the workshop documents. I need to
look at one of them and the URL of Olie's test server is not working.
Cheers.
Chris...
---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD -
Guys,
please find attatched a copy of an internal report written by a colegue
of mine who has independantly tested our 50,000 certificate test OpenCA
installation.
Please remember that some of the things he is saying we could fix in CVS
and submit, but we have chosen to complete this testing on
Oliver,
Oliver Welter wrote:
I think that I will run a Win2000 Maschine with OO and Powerpoint2000 -
so everyone can take what he prefers.
many thanks, I shall send you my slides tomorrow (once they have been
looked at internally). If you need to do a German translation, then you
have a bit of t
Michael,
Michael Bell wrote:
first thanks for these real world tests.
no problem, this is an important area for the future of OpenCA as a
product for Local Government and larger organisations.
The reason is simple and inacceptable for high volume systems:
This while loop iterates over all (!!!) e
Guys, as you know I have started a project to test the volume
performance of OpenCA (0.9.2 RC6 CVS). I have presented a few results on
preliminary tests of the batch processor in other emails. I have now
moved onto volume testing, and in particular testing everyday functions
in a high(ish) volu
Michael,
Michael Bell wrote:
It would be really interesting for me to know how fast create_pin is.
Could you run the batchprocessor only with one step for each function
and then check the speed for the single funtions? This would allow us to
find the functions which consume the most time and per
Michael,
Michael Bell wrote:
I added Apache::Leak to bpDoFunction. It is deactivated by default
but you can use it for searching memory leaks.
OK, I have now istalled mod_perl which contains Apache::Leak and can use
openca_start successfully calling the module!
The debugging is a little bit tric
Michael,
perhaps a small notice for all who perform performance tests. OpenCA
heavily use Perl's eval. The problem is that eval had several memory
leaks. Perl 5.8.5 reports in it's CHANGES area several bugfixes related
to eval.
OK, I have upgraded to Perl 5.8.5, built from sources, and upgraded
Michael,
Michael Bell wrote:
100 batch2 minutes 11 seconds
1000 batch33 minutes 22 seconds
3000 batch3 hours 30 minutes 43 seconds
I have re-tested using the bpDoStep command you sent, and got the following:
3000 batch 2 hours 52 minutes
Obviously we are going in the right directio
Guys,
as you know I am performing a set of volume tests on OpenCA 0.9.2 RC6
(recent CVS). My first set of tests are volume testing the batch
processor (i.e. seeing how the performance varies with batch size). I
have noticed this:
As the batch size gets bigger, the time to complete the batch inc
Martin,
I just have a completely seperate installation of each (i.e.
/usr/local/openca1, /var/www/html/openca1, /usr/local/openca2,
/var/www/html/openca2) each with their own database. This is also how I
separate the CA and RA (when I am testing on a single box).
Apart from the multiple instances o
Martin,
Martin Bartosch wrote:
Hi,
I was thinking about the best way to install multiple instances of
OpenCA on one system. By this I mean e. g. two separate RAs or
CAs on the same hierarchy level.
I think currently the most sensible way to do this is:
I just have a completely seperate installat
Michael,
many thanks for fixing this, I knew it was that MODE
Chris...
Chris Covell wrote:
Guys,
On Friday 20 August 2004 18:57, Martin Bartosch wrote:
I did not try it again, but I suppose it's a bug. I finally found
out how to import my stuff using SQL import and var/ restore
and
Guys,
On Friday 20 August 2004 18:57, Martin Bartosch wrote:
> I did not try it again, but I suppose it's a bug. I finally found
> out how to import my stuff using SQL import and var/ restore
> and this worked fine for me, so I did not investigate further.
> Feel free to file the bug...
it looks t
Martin,
On Wednesday 18 August 2004 13:16, Martin Bartosch wrote:
> I get the following error in the browser (I set the exchange
> device to a file instead of /dev/fd0).
>
> There seems to be an error: LOG__DIR indicates that some variable
> is undefined, it should read LOG__DIR, judging from the
>
Guys,
On Thursday 19 August 2004 12:26, Michael Bell wrote:
>
> Ok, then I will remove the signatures. BTW this speeds up the batch
> system dramatically because it reduces the number of RSA operations.
I am just about to build my volume/speed test system, so i shall wait until
this modification
Guys,
On Wednesday 18 August 2004 19:17, Tiller, Robert wrote:
> How about a new Phase I Step 4 to be done after the normal init and
> cert setup that would be "Issue CRL". This is so you have a
> fresh CRL before the dataexchange to the RA and you don't have to go
> back and do it later.
Yes,
Guys, just to let you know that I am on holiday next week.
I also tried sending this message to the new
[EMAIL PROTECTED] mailing list, but the message
bounced.
Speak to you after the 15th.
Chris...
---
This SF.Net email is sponsored by OST
Michael,
On Friday 06 August 2004 12:36, Michael Bell wrote:
> 1. Remove all modules of the form *.tar.gz in src/modules and replace
> them by a notice in INSTALL (prerequisites).
Not sure about this one, OK for people that have already downloaded, but...
> 2. I would like to remove the postscrip
Guys,
On Monday 02 August 2004 14:04, Oliver Welter wrote:
> as some of you already know there was a plan for a littte
> workshop/conference on OpenCA in Spring 2004.
Excellent idea !
> Now the plans go further and I want to get an overview who will come
> to such a workshop and what is his/her
Michael,
On Thursday 15 July 2004 12:17, Michael Bell wrote:
> can you put this strategic wishlist (incl. the comments from the others)
> into the OpenCA guide so that we have an official strategic plan?
I have added a new appendix file, strategy.xml to the guide. Hopefully I have
got most of the
Michael (and others)
On Thursday 15 July 2004 12:17, Michael Bell wrote:
> Hi Chris,
>
> can you put this strategic wishlist (incl. the comments from the others)
> into the OpenCA guide so that we have an official strategic plan?
>
> I think it is really important to have an idea what we want :)
>
Martin,
On Tuesday 13 July 2004 15:34, Martin Bartosch wrote:
> this is actually a very good summary of some missing key features.
> I have some additional feature requests and ideas (see bottom of
> this mail).
I shall comment on your comments !!!
> > 9. Web based OpenCA configuration and managem
Guys,
I have been thinking about future development for OpenCA and have come up with
the following list. I thought I would share them with you to get some
feedback before putting them on the "OpenCA Features Request page". What do
you think ?
1. Scalability - An indication from the OpenCA team
Oliver,
On Tuesday 13 July 2004 12:04, Oliver Welter wrote:
>
> If you have cvs access feel free to add it, otherwise I will do with my
> next update
OK I have just added the file to CVS.
Chris...
---
This SF.Net email sponsored by Black Hat B
Guys,
first let me congratulate the developers of the 0.9.2 Batch Processors. This
is a much better model that the 0.9.1 system, it works well and is
expandable, great !
OK, I have been through the normal methods, i.e. creating the three input
files, and it works well. I have just tried the "Q
Guys, are any of you seeing script errors when using IE ? The error message
(in IE) I get is that "document.forms0.elements0 is null or not an object".
I have pinned the problem down to the HTML.pm module, if i DIFF between the
current CVS and the RC5 release I see:
< $page .= ' ';
---
>
Michael,
On Wednesday 07 July 2004 12:39, Michael Bell wrote:
> I tested with Mozilla 1.5 (SECCLAB) and Mozilla 1.7 (crypto.signText).
> Can you output text and signature in test_cert and send it to the list
> or directly to me? I need some material to analyze the problem.
OK, I edited the "verif
Guys,
On Tuesday 06 July 2004 15:45, Michael Bell wrote:
> I commited a second big bugfix today which should now fix the problem
> with the signature verification for roles and PIN (CRINs) too. I worked
> some time ago on a telco software and remembered me that the linebreak
> of http is \r\n.
I
Michael,
On Friday 25 June 2004 08:42, Michael Bell wrote:
> cvs update -dP openca-0.9
Thanks for this, I will be able to drive CVS one day I promise !!!
Chris...
---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black
Guys, just tried installing OpenCA from CVS and noticed a couple of things:
the directory src/web-interfaces/batch is empty
and there is no ja_JP language which is called in the Makefile.
I was not sure if changes have been made to the batch since RC5 so I did not
want to "fix" the problem on C
visiting:
https://sourceforge.net/tracker/?func=detail&atid=120873&aid=976870&group_id=
20873
Category: None
Group: None
Status: Open
>Resolution: Fixed
Priority: 5
Submitted By: Chris Covell (katjam)
Assigned to: Nobody/Anonymous (nobody)
Summary: CA export of large number of cert
Michael,
On Thursday 17 June 2004 14:45, [EMAIL PROTECTED] wrote:
> there is an area "export/import commits" which do the serial handling. I
> planned to replace the simple textfile by a dbm-file with a btree which
> should be much faster (log n instead of n per access) but I had no time
> until no
Oliver,
On Thursday 17 June 2004 12:11, Oliver Welter wrote:
> I wrote a new command and now want to add it to my openca installation,
> but when I try to call
> batch?cmd=getParams;GET_PARAMS_CMD=
>
> I get error 700 - this commmand is not supported..
>
> I already added a file in etc/rbac.
I ha
Guys,
I am going to be doing some volume testing on 0.9.2 (RC5 probably) soon, and
was just wondering on the status of the data exchange. The problems I got
when volume testing 0.9.1 was that there was a huge overhead in parsing the
dataexchange log files to determine what certificates should b
Max,
On Wed, 2004-04-07 at 19:22, Massimiliano Pala wrote:
> Hello all,
>
> do you recently have run tests about mass issuing of certificates ? There
> have been tests some time ago on a number of 10.000 certs which was partially
> successful.
>
> Does someone have fresh results on the subject ?
Michael,
On Thursday 04 December 2003 08:27, Michael Bell wrote:
> openca-sv supports encryption and decryption in the snapshots but it
> looks like I forgot to fix the helpmessage. Does somebody use the tool
> already? I have problems to trace back the usage :(
sorry Michael, I don't use the sv t
Michael,
On Friday 28 November 2003 07:52, Michael Bell wrote:
>
> should we tag release candidates in CVS? The tag would be like this one:
>
> openca_0_9_2_RC_1
>
Yes, I think this is a good idea.
Chris...
---
This SF.net email is sponsored b
Guys,
just to let you know that I have successfully stood up an openCA installation
with root key generation on a Chrysalis ITS LunaSA network HSM device !
The details:
OpenCA 0.9.1-1
OpenSSL 0.9.7
Chrysalis ITS OpenSSL patch specific for 0.9.7
LunaSA device located in Chrysalis test labs
Chrys
This is a bit off topic, but hopefully you won't mind...
has anyone got a method to verify the signatures genrated during the CAPICOM
sign process using openssl ? Looking at the OpenCA code, the openssl routines
seem just to extract the signers certificate rather than verifying the
signature, o
On Tuesday 16 September 2003 13:25, Michael Bell wrote:
> Hi Max,
>
> I played a little bit around with the stylsheets and the html pages and
> now I hope you get an idea what I mean. I used a stylsheet in the way
> you like for submenus - ab*c (this is regex with a, b and c are submenus).
>
Guys,
Michael,
> I have to make an announcement to avoid too big shocks. Max and I
> thought about the i18n support which is a little bit problematical today
> because you cannot switch the language on a per user base. Today you
> have to install another interface if you want to support the next languag
Guys,
as you may know I have been doing some volume testing on 0.9.1-1.
My tests have involved creating 10,000 certificates via the CA batch
processes. All has gone well but I am now hitting problems with the
certificate export, I hope that someone here in the developers area knows
what is goi
Michael,
> It looks nice but it has a problem with XInclude. Do you know how to
> manage all of our different files with it?
>
Doh ! From the XMLMind web site:
"Planned features
Easy to use support of multi-file documents based on standard external
entities or XInclude."
Looks like this will
>
> I'm using vi and make because I didn't find a good GUI. Do you have a link?
>
yes it is at:
http://www.xmlmind.com/
Chris...
---
This SF.net email is sponsored by: Etnus, makers of TotalView, The best
thread debugger on the planet. Desig
Guys, I am preparing the ground for the documentation and have found a Java
based XML editor called XMLMind. It seems quite good and has the benefit of
understanding DocBook. It has DocBook schema built in and acts as a front end
to the conversion functions.
Michael, what did you use to create
71 matches
Mail list logo
