Michael,
>> Many thanks, I shall be applying the patch to my live system soon.
>
> Can you prepare a working patch and commit it too openca_0_9_2 please?
yes no problem.
Chris...
---
This SF.Net email is sponsored by:
Power
Michael,
>> I think I shall also try and write out the serials to the stderr.log so
>> that I can see what the numbers are that are overflowing. This patch
>> (should) fix the symptoms but not the cause !
>
> Sorry Chris, but the cause is our poor handling of cert and oth
Michael,
>> I think I shall also try and write out the serials to the stderr.log so
>> that I can see what the numbers are that are overflowing. This patch
>> (should) fix the symptoms but not the cause !
>
> Sorry Chris, but the cause is our poor handling of cert and oth
DN} = $dn;
>>> if ($self->{DEBUG})
>>> {
>
> You are correct. the problem is that I have no actual testsystem for
> this :( Chris, can you modify the patch by yourself?
Yes, I think so.
Many thanks guys, I shall let you know how it goes.
I
Michael,
Yes, I have got a test system, I can give it a go.
Many thanks
Chris...
>> Openca 0.9.2.2
>> Openssl 0.9.7
>
>> Integer overflow in hexadecimal number at
>> /usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392.
>
> Do you have a test system whe
flow errors. But
as this is a production server I need to sign the CRRs
It does seem like it is a problem paresing the signature.
Any other ideas ?
Chris...
Chris Covell wrote:
Many thanks for your comments guys,
Looking into it i am seeing the errors when approving CRRs, singing them
with
l too.
Juergen's point is also a good one, the certifciate I am using to
approve the CRRs is from a hierachical PKI, one of the serials numbers
may be a bit funny !
Chris...
Johnny Gonzalez wrote:
Hello Chris,
I have seen that message several times, but until now
it haven't been
(0xD26)
surely these are not such big numbers to overflow ? Is this a bug as I
have duplicated the error in a test script and the lowest integer I get
to cause the overflow is 1 ! I am nowhere near that serial number !
Chris
develop an online CA based on existing code
or an OpenCA timestamping server). How would the funding be managed ? How
would it be distributed amongst the developers ? Do we want it ? I am
proposing this as I am not a developer but may have access to EU money and
have projects in mind
and shall examine it more, but it seems to be a
menu driven console client. I see in CHANGES that there are plans for
more of a server/Command user interface, has thiis been implemented yet ?
Cheers
Chris...
---
SF.Net email is Sponsored by
PROTECTED] etc]# ./openca_start
Undefined subroutine OpenCA::TRIStateCGI::set_gettext
at /usr/local/093_pki/openca/lib/functions/initServer line 558
Compilation failed in require at ./openca_start line 63.
it looks like an i18n issue, is there something else I should be setting ?
Cheers
Chris
Many thanks Michael.
Michael Bell wrote:
Hi Chris,
the import works no too. I was a bit lazy now and make recursive *
commit. I hope that all files are now available.
Chris...
---
SF.Net email is sponsored by: Discover Easy Linux
)
I can see the CHANGE file has been updated with the data exchange mods,
so I am pretty sure I have the correct version.
Chris...
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow
you forgotten to include this file in the CVS repository ?
Chris...
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more
sh to export to"
type question during export ?
3. I think you have an error in "3. RA", it says "- DELETE FROM DX WHERE
SERVER_ID=0 and NUMBER>0 and NUMBER>=IX" where I think it should say "-
DELETE FROM DX WHERE SERVER_ID=0 and NUMBER
.
Do either of you use IRC ?
I am always online in the Freenode #wilts channel (our local linux user
group) and can easilly create an OpenCA channel where we can discuss this
sort of thing online.
Or I still have the yahoo online chat account I used in the past with
Mic
quot;number of global objects") records and on
each node there would be "number of node objects" + "number of global
objects" records.
Perhaps we are going round in circles a bit here with this, but it is best
to get the design right !
Any thoughts ?
Chris...
---
om yesterday).
Yes, true.
> None of both, it is more a question of personal preference - dynamic
> schema vs. statical schema and more rows.
hopefully a better method than the one described above would overcome the
need for a dynamic schema, extra tables and more rows...
Chris...
s the data exchange
status is always kept with the object.
Am I missing something or being stupid in pushing this ?
Chris...
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, strai
xporting the correct
data even if an import is not received. I hope you understand what I am
trying to say here.
8. Is it worthwhile giving some consideration as to how the new import/export
implementation fits in with the future need of "real time" certificate
generation ?
Chris...
design, even if it means a little sacrifice in
performance.
I still don't quite understand the full picture... is there any chance of
an example in words, i.e. CA enrols, query on CA database, all records
extracted to an SQL file (?), file tarred (and compressed) with config
file, sent to no
Oliver,
* creating a new module in cvs
* moving the contributed docs to this new module
* moving the guide to the new module
* including all docs on the website
I fully support this idea.
Chris...
---
SF.Net email is sponsored by
to do, but of course it is very subject to OpenCA web
front end changes.
Chris...
---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http:/
-interactive tests with it.)
cool, so i am back to my original problem of not being able to start the
openca daemon ! I have the "unblessed reference" problem.
I shall keep looking.
Chris...
---
This SF.Net email is sponsored by: NEC IT Guy
I have started the
OpenCA server using openca_start. This is true isn't it ?
Chris...
---
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to wi
l make sure that
default_language
C
Yep I have checked this also.
in your server configs. There may be other mandatory settings
that are new in the dev branch.
It looks like there may be...
what does the error "unblessed reference" mean ? Any ideas ?
Chris...
--
70$self->{HTDOCS} = $self->{api}->get_required('HtdocsUrlPrefix');
71set_language ($self->{api}->get_required ('DEFAULT_LANGUAGE'));
It looks like a problem with Michael's new API, any ideas ?
Chris...
---
What about the Crystoconfig file Bahaa talked about ?
Jakub MusiaĆ
ek wrote:
Rechlo :)
this looks right to me !
Have you got the "multitoken2" program in the SafeNet distribution to test
the client/token ? I use the Luna SA and test it with:
./multitoken2 rsasign 1024 1
Multitoken is not a part of
ot the "multitoken2" program in the SafeNet distribution to test
the client/token ? I use the Luna SA and test it with:
./multitoken2 rsasign 1024 1
If this works, then I think you have a problem with the OpenSSL patch.
Chris...
---
S
Have you generated a new key pair like I sugested ? And stored the
result as "server.key" ? The error looks to me like the file is not in
the correct format for the LunaCA3 plug in to recognise it. Which seems
strange if you used the cautil utility to generate the key pair.
Chri
ivate key on the HSM device.
What I would do is use OpenCA to create a normal soft key, and then
replace the cakey.pem (in ../openca/var/crypto/cakeys) file with your HSM
generated pem file. This should work fine.
I hope this helps.
Chris...
> I've such problem. Installed openca 0.9
I have some experience of this, but no time to discuss now. I shall write
more on Monday morning.
Chris...
> Hi
>
> I've such problem. Installed openca 0.9.2
> Installed openssl-0.9.7
>
> Configured openssl and openca. Right know when
> i'm starting openca i hav
check
if there is a process running and at least warn the user
yeah, I saw this a while ago (but did not do anything about it !). It is
a good idea.
Chris...
---
This SF.net email is sponsored by Demarc:
A global provider of Threat
. root cert creation, admin cert creation and CRL generation.
Many thanks Michael.
Chris...
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly
I say tag away !
Michael Bell wrote:
Chris Covell wrote:
Guys, when is openca-0.9.2.2 being tagged on CVS ?
Cool question, if there are no problems at all then I can tag it on
monday. So deadline for changes or showstopper notices is monday 9.00 UTC.
Michael
Guys, when is openca-0.9.2.2 being tagged on CVS ?
Chris...
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. S
0.9.2.2 release as
soon as possible. Michael did some fundamental work on HSM support last
week, and I need a release for my project. I would like to use an
official release, but if it is not going to be for a while then I can
use the current 0_9_2 openca_0.9 version on developers CVS.
Chris
Java session management my hand, it should have its own cookie
storage (cookie jar ?).
Chris...
Johnny Gonzalez wrote:
Hello Everybody,
I'm sorry for writting this message here but, I don't
know who else can help me on this issue. This is the
problem.
I need to sign all the requests in t
change. Access control and menugeneration are affected. So what do you
think?
I say go for it !
Chris...
---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports.
times it is being called.
that will explain why my box is running out of memory and the openca
process terminated by the kernel !!!
Chris...
---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases
?
I have configured the token.xml for LunaCA and also added in the LunaCA3
utility commands in ca.conf.
Cheers in advance.
Chris...
---
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create
ck their
configuration etc via the web interface). I would like to see a command
line client as a stepping stone to a full OpenCA API, but would not like
to remove any functionality from the web interface.
Chris...
---
This SF.Net emai
>>> with the lines:
>>>
>>> use Locale::Messages qw(LC_MESSAGES)
>>> use POSIX ('setlocale');
>>> setlocale (LC_MESSAGES, '');
>
> Can you commit this stuff to CVS head by yourself? Did you
to install using earlier versions of perl ?
Chris...
Chris Covell wrote:
Guys,
sorry for cross posting this to Devel too, but I have had to do some
code changes
In order to get the OpenCA server started on this RedHat Enterprise 2.1
server with Perl 5.6.1 I have had to edit "OpenCA/DBI.p
utf-8'' at line 1 at ../OpenCA/DBI.pm line 2587."
Am I fighting a loosing battle here because of the Perl version I am
using ? Or is this an error people have seen before ?
Chris...
Chris Covell wrote:
OK, so I have piinned in down a bit.
When you use a DBI the fnction initDBI
Guys,
Try www.openca.info :)
yes this works well. I remember reading about www.openca.info now...
Chris...
---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object
Guys,
please can you let me have the URL of the workshop documents. I need to
look at one of them and the URL of Olie's test server is not working.
Cheers.
Chris...
---
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOW
sh key "NUMBER". If you don't
> understand my docs then please mail some more or less exact questions so
> that I have a better starting point ;)
I shall spend some time to read the documents now so that I fully
understand the design. Tha
Michael,
> Hi Chris,
>
> I added some notes to the OpenCA guide. You can find them in the tech
> area (batch and database). I also migrated all batch functions so you
> can test the complete stuff.
I am having a bit of trouble with the batch processors.
I am looking at check_pin
Michael,
> shortly before my weekend starts ... it works ;-D
>
> ... and I commited it to CVS some seconds ago.
Cool.
> Design follows during or better after the weekend. Dummy is only for a
> correct SQL syntax. Like mentioned in the discussion with Martin and
> Dalini.
>
> To get some performa
op. Have you
got any design notes that I can see ? As I don't really understand the
"dummy" values in the sequence_* tables. It would be nice to understand
what you are planning to do with these colunms.
I also presume that the other n
odule
itself fails.
I have looked at the database, and it is right ! There is no table
"sequence_csr". What is the format of this table ? I can create it
manually.
Chris...
---
This SF.Net email is sponsored by:
Sybase ASE L
Michael,
> Most important, did you completely delete all your tables and indexes
> and then re-init the database? You have to re-init the database. I
> tested with a MySQL and it worked (from scratch).
yes I did, but still the same error.
I shall try a completely fresh install tomorrow
if the database or the
module itself fails. (error 20016: EXECUTE_FAILED (error
1: Do not commit if the database or the module
itself fails.
error. Can you point me at the area that has changed please, perhaps I can
see something...
Chris...
-
MySQL is 25 % faster than PostgreSQL but I don't know
> anything about the transaction handling of my MySQL.
I checkout your updates now.
Chris...
---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now fo
in the log. But nothing is
reported if I query one of the new tables, eg, "select * from
sequesnce_csr".
Is this because you have set up indexes on these new tables ?
Chris...
---
This SF.Net email is sponsored by:
Sybase ASE
can't see it.
Chris...
---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=
Michael,
>
> Chris, does it be possible that you only test create_pin from CVS head?
>
I have tried copying over create_pin.sub to my 0.9.2 volume test
environment, but have the error:
The workflow function create_pin crashs for process nersc of user
L6Fp6JEZ_21. Can't locate
> Chris, does it be possible that you only test create_pin from CVS head?
I shall export the create_pin code and try it against our volume system.
Cheers
Chris...
---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edit
about" where I live
in Swindon, please follow this link:
http://www.swindonweb.com/life/lifemagi0.htm
All the very best and speak to you soon.
Chris...
---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT p
on the current
OpenCA version.
I hope this document is useful in going forward and that it can be
included in the thinking of the future design of OpenCA 0.9.3 and beyond.
If you have any questions about the environment we have built or the
testing carried out please let me know.
Chris
time.
Chris...
---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http
elease
I say go with Option 1. We need to release a working version of OpenCA
with the new functions that 0.9.2 gives us. This will be the last
version with DBM support.
We then discuss the direction of 0.9.3 at the Developers conference and
on this list, setting prior
share it with you now so that perhaps we can discuss a resolution.
Chris...
---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux
? Is this the type of data you are after ?
Chris...
3000 Batch Process
Create Pin Check Pin Check Key Params
Create Key Check Key Backup Key Check CSR Params
Create CSR Complete CSRCheck CSR Create Cert Enrol Pin
Enrol PKCS12Total
No
the error log output (would you
like to see it ?). I shall keep searching to see how to interpret the
results.
What can I do now to help fix the problem (I know that you know that I
am not a programmer !!!).
Chris...
---
This SF.Net email is sp
arching memory leaks.
Can you give me any clues as to how I can search for memory leaks while
my batch tests are running so that I can try and help pin point the
problems.
Cheers
Chris...
---
This SF.Net email is sponsored by BEA Weblogi
direction, but it still takes 1.5
hours too long !
Before I do any more testing I shall grab the latest CVS and upgrade my
Perl installation to 5.8.5. Many thanks, I shall keep you up to date
with progress.
Chris...
---
This SF.Net email is sponsored
chine is running at 99% memory usage
during these tests.
I would be very interested in your comments on this.
Chris...
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free cop
cond database user (aka namespace) is free...
Ca you use the database profix option to add in a "instance1-",
"instance2-" type prefix to each of the database tables ? Or is this
what you were sugesting ?
Chris...
---
y see a problem with this method.
Chris...
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and
Michael,
many thanks for fixing this, I knew it was that MODE
Chris...
Chris Covell wrote:
Guys,
On Friday 20 August 2004 18:57, Martin Bartosch wrote:
I did not try it again, but I suppose it's a bug. I finally found
out how to import my stuff using SQL import and var/ restore
and
bug...
it looks to me like the MODE is not being sent to the importObjects function,
if I set it manually within the code to RECEIVE then the database recover
works.
Chris...
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on
tabase (I used DB rather than DBI by
accident !) and have exactly the same problem. Did you ever find a solution,
or shall I rasie a bug ?
Chris...
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for
ification is in before starting my volume/speed tests !
Cheers,
Chris...
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on In
back and do it later.
Yes, I think this is a good idea.
Chris...
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Tone
Guys, just to let you know that I am on holiday next week.
I also tried sending this message to the new
[EMAIL PROTECTED] mailing list, but the message
bounced.
Speak to you after the 15th.
Chris...
---
This SF.Net email is sponsored by
emove the postscriptfile of the documentation. HTML
> and PDF should be enough.
I can't see a problem with this one at all.
Chris...
---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and
er way, I will need to know quite early as I will have to book
flights and accommodation (I shall be coming from the UK). It would be nice
if I could stay in the same hotel as other attendees if this is possible.
Chris...
---
This SF.Net email i
ost of the comments in, if there are any more, then of course add them !
Chris...
---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today
Michael (and others)
On Thursday 15 July 2004 12:17, Michael Bell wrote:
> Hi Chris,
>
> can you put this strategic wishlist (incl. the comments from the others)
> into the OpenCA guide so that we have an official strategic plan?
>
> I think it is really important to have an
15, below.
> 15. Improved error handling
> I have seen OpenCA report crude error messages on seemingly
> harmless error conditions. When checking the code it was
> often something like an uninitialized variable that was
> used to call a method on.
Yep, goo
Guys,
I have been thinking about future development for OpenCA and have come up with
the following list. I thought I would share them with you to get some
feedback before putting them on the "OpenCA Features Request page". What do
you think ?
1. Scalability - An indication from the OpenCA team
Oliver,
On Tuesday 13 July 2004 12:04, Oliver Welter wrote:
>
> If you have cvs access feel free to add it, otherwise I will do with my
> next update
OK I have just added the file to CVS.
Chris...
---
This SF.Net email sponsored by
bpImportProcessDataCompact
batchprocessor import new data in compact
form
any
Please let me know if it is meant to look like this and I shall pop it onto
CVS.
Chris...
---
This
lt; $page .= ' ';
---
> $page .= ' ';
288c288
< $page .= ' ';
---
> $page .= ' ';
Should the document.forms be defined somewhere else ?
Chris...
---
This SF.Net email sponsored by Black H
dited the "verifySignature" command to output $text and $signature,
here are the results (from a view source in the browser...). Hopefully the
browser has not broken the CRLF... I could comment out the "unlink" commands
and send the two files if that would be better...
Chris...
TE
lized.
[Info]: Reading Certificate file.
depth:1 serial:00 subject:[EMAIL PROTECTED],CN=diginus
development,O=diginus,C=GB
depth:0 serial:07 subject:serialNumber=7,CN=CA
Admin,OU=Trustcenter,O=Diginus,C=GB
signature:error:-1
)..
I think Michael you fixed this, is it just me ? Or are other people s
Michael,
On Friday 25 June 2004 08:42, Michael Bell wrote:
> cvs update -dP openca-0.9
Thanks for this, I will be able to drive CVS one day I promise !!!
Chris...
---
This SF.Net email sponsored by Black Hat Briefings & Training.
Atten
problem on CVS.
These are not OpenCA bugs, so I am not putting them on the bug tracker.
Chris...
---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital
Michael,
many thanks for this, can you let me know the files you modified for this
enhancement please. I would like to see if I can push the mod into 0.9.1-*
for one of our production systems.
Many thanks
Chris...
-- Forwarded Message --
Subject: [ openca-Bugs-976870 ] CA
ong the lines of...
0.9.4 Tested for volumes up to 100,000 certificates.
0.9.5 On line CA implemented.
0.9.6 PKIX CA interface implemented.
0.9.7 Volume tested up to 1,000,000 certificates.
As you can see I am keen to know the current planned direction of OpenCA.
Chris...
---
file in etc/rbac.
I had this and found that I needed to link to the command file in the node
directory (i.e. /usr/local/openca_ca/openca/lib/servers/cmds/).
I hope this is your problem.
Chris...
---
This SF.Net email is sponsored by The 2004 J
been done in this area for 0.9.2 ? Should I start a
project to look into data exchange before starting my volume testing ?
Chris...
---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM
single certificates (i.e. cert 10,001)
from the CA took a long time due to the whole of the database being
parsed to export the single cert.
Chris...
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Danie
7;t use the sv tool.
Chris...
---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://s
Michael,
On Friday 28 November 2003 07:52, Michael Bell wrote:
>
> should we tag release candidates in CVS? The tag would be like this one:
>
> openca_0_9_2_RC_1
>
Yes, I think this is a good idea.
Chris...
---
This SF.net ema
(when signing a CRL for instance) for the CA root key. What ever password you
type into the CA Password field it is just disgarded. So I would propose a
modification to not ask for a CA password if you are using an HSM.
I shall have a look into these are
ature, or am I wrong ?
Chris...
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforg
bmenus).
>
Guys, both of these look _really_ smart. I like the tab effect in Michael's.
Chris...
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_
1 - 100 of 105 matches
Mail list logo
