Re: [OpenCA-Devel] Integer overflow

2005-10-06 Thread Alexei Chetroi
On Wed, Oct 05, 2005 at 03:56:02PM +0200, Michael Bell wrote:

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread chris
Michael, >> Many thanks, I shall be applying the patch to my live system soon. > > Can you prepare a working patch and commit it to openca_0_9_2 please? yes no problem. Chris...

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread Michael Bell
[EMAIL PROTECTED] wrote: OK, I have looked hard at this, and the patch does fix the cause and the symptoms !!! I had not noticed that the root CA has a 16 digit hex serial (I was sure all my other PKI root ca certs had a serial of 0). So, it is a big number, so the management of the big number i

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread chris
Michael, >> I think I shall also try and write out the serials to the stderr.log so >> that I can see what the numbers are that are overflowing. This patch >> (should) fix the symptoms but not the cause ! > > Sorry Chris, but the cause is our poor handling of cert and other big > serials. Alexei h

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread chris
Michael, >> I think I shall also try and write out the serials to the stderr.log so >> that I can see what the numbers are that are overflowing. This patch >> (should) fix the symptoms but not the cause ! > > Sorry Chris, but the cause is our poor handling of cert and other big > serials. Alexei ha

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread Michael Bell
[EMAIL PROTECTED] wrote: I think I shall also try and write out the serials to the stderr.log so that I can see what the numbers are that are overflowing. This patch (should) fix the symptoms but not the cause ! Sorry Chris, but the cause is our poor handling of cert and other big serials. Al

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread chris
Guys, >> I think >> this is not quite correct. IMHO it should be: >> Math::BigInt->new ('0x'.$serial); >> >> >>>+$ret->{$currentDepth}->{SERIAL} = $serial_obj->bstr(); >>> $ret->{$currentDepth}->{DN} = $dn; >>> if ($self->{DEBUG}) >>> { > > You are
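
Review bot: In the added line `+$ret->{$currentDepth}->{SERIAL} = $serial_obj->bstr();`, nothing in the visible hunk checks that `$serial_obj` holds a valid number before it is stringified. `Math::BigInt->new` returns a NaN object when its argument does not parse, which is what happens when hex digits such as `14F8` are passed without the `0x` prefix proposed in the reply, and `bstr()` on that object yields the string "NaN", which would then be stored as the serial. An all-digit hex serial passed without the prefix is worse, because it parses silently as decimal. Suggest always prepending `0x` and testing `$serial_obj->is_nan()` before the assignment. Note also that `bstr()` returns the decimal form, so any consumer of `SERIAL` that expects hex needs checking.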

Re: [OpenCA-Devel] Integer overflow

2005-10-05 Thread Michael Bell
Alexei Chetroi wrote: Openca 0.9.2.2 Openssl 0.9.7 Integer overflow in hexadecimal number at /usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392. Do you have a test system where you can try the attached patch? It is only a quick fix for the reported error. +my $ser

Re: [OpenCA-Devel] Integer overflow

2005-10-04 Thread Alexei Chetroi
On Tue, Oct 04, 2005 at 02:46:12PM +0200, Michael Bell wrote: > Chris Covell wrote:

Re: [OpenCA-Devel] Integer overflow

2005-10-04 Thread chris
Michael, Yes, I have got a test system, I can give it a go. Many thanks Chris... >> Openca 0.9.2.2 >> Openssl 0.9.7 > >> Integer overflow in hexadecimal number at >> /usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392. > > Do you have a test system where you can try the attached patch?

Re: [OpenCA-Devel] Integer overflow

2005-10-04 Thread Michael Bell
Chris Covell wrote: Openca 0.9.2.2 Openssl 0.9.7 Integer overflow in hexadecimal number at /usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392. Do you have a test system where you can try the attached patch? It is only a quick fix for the reported error. Michael -- __

Re: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Chris Covell
OK, if I sign a CRR I sign it with a ra admin cert with serial "7", the sub CA has certificate "4", I get 4 overflow errors in the log. The message that the "signature is correctly verified" is displayed. If I approve the CRR without signing then I get no overflow errors. But as this is a prod

Re: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Johnny Gonzalez
Hello Michael, I sent my message before the other messages appeared in my inbox, so I checked my certificates and my CA Certificate has a serial number like this: 2147483647 In the CA Interface and in DB I see this: 9521c7414e4e4e69f68e9360c52f98c87cabff15 (0x2531) If you ask me why I'll have to

Re: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Chris Covell
Many thanks for your comments guys, Looking into it I am seeing the errors when approving CRRs, signing them with a certificate. I shall take Martin's advice and have a look at the database for the CRR (they all seem to cause problems). I shall try it without signing the approval too. Jue

Re: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Michael Bell
Johnny Gonzalez wrote: I have seen that message several times, but until now it hasn't been any problem, it appears after approving CSRs. Did you approve with signing? Perhaps one of your CA certs in the chain has such a high serial (like Juergen stated). Nevertheless the use of Math::BigIn

RE: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Johnny Gonzalez
Hello Chris, I have seen that message several times, but until now it hasn't been any problem, it appears after approving CSRs. As you say so, it appears for very low serial numbers, so I guess this could be a bug in perl libraries. Regards, Johnny --- Chris Covell <[EMAIL PROTECTED]> escri

Re: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Martin Bartosch
Hi, > Have any of you ever seen this in the stderr.log ? > > Integer overflow in hexadecimal number at > /usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392. nope. But I think the reason might be that a request you have been processing was signed by a "rogue" certificate with a serial num

Re: [OpenCA-Devel] Integer overflow

2005-09-30 Thread Juergen Brauckmann
Chris Covell wrote: > Guys, > > Openca 0.9.2.2 > Openssl 0.9.7 > > Have any of you ever seen this in the stderr.log ? No. > Integer overflow in hexadecimal number at > /usr/local/ca001_pki/modules/perl5/OpenCA/PKCS7.pm line 392. > > The last certificate issued was serial 5368 (0x14F8) > > The