Recently I've discovered a problem with our automated test script, which creates several certificates using the openssl ca command.

The script used to create two certificates with identical distinguished names but different public key algorithms (which seems to be a situation that can occur in the real world). It works with 0.9.8, and worked with the development snapshot for a long time, but recently it began to fail with the obscure report TXT DB Error 2.

Looking into crypto/txt_db/txt_db.h, I've found that it means DB_ERROR_INDEX_CLASH. I've supposed that it means that I'm trying to insert two records with identical primary keys into the database, and temporarily fixed the situation by adding the algorithm name into the DN as an OU field (which is acceptable for automated tests, but not for the real world).

But I cannot find any info on what the index is for the database used by the openssl ca command (the index.txt file) and how one is supposed to handle duplicated indexes.

The index.txt database used by the ca command has the following fields:

1. Certificate validity flag
2. Certificate expiration date
3. Certificate revocation date (if any)
4. Certificate serial number
5. Revocation reason
6. Certificate DN (in X509_NAME_oneline format, which is not quite readable if UTF-8 is used for DN fields)

So I cannot see how the situation with different certificates with different key usage or different algorithms for the same subject can be handled if a unique primary key for this database is required. Or maybe I'm misunderstanding the meaning of the INDEX_CLASH error?
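One way to check an index.txt for rows that would collide, as an added example that is not part of the original post or of OpenSSL's code. It assumes the file is tab-separated with six fields in the positions listed above, and that uniqueness is enforced on the serial number and, when the ca option unique_subject is in effect, on the DN of rows flagged valid (V); the function names and sample rows are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows (tab-separated), not taken from the post.
# Positions used, following the post's list: 0 = validity flag,
# 3 = serial number, 5 = DN. The other positions are not inspected.
SAMPLE_INDEX = (
    "V\t350101000000Z\t\t01\tunknown\t/C=XX/O=Example/CN=test\n"
    "V\t350101000000Z\t\t02\tunknown\t/C=XX/O=Example/CN=test\n"
    "R\t350101000000Z\t250101000000Z\t03\tunknown\t/C=XX/O=Example/CN=old\n"
    "V\t350101000000Z\t\t04\tunknown\t/C=XX/O=Example/CN=old\n"
)


def parse_index(text):
    """Split index.txt content into rows, rejecting malformed lines."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        rows.append({"line": lineno, "flag": fields[0],
                     "serial": fields[3].upper(), "dn": fields[5]})
    return rows


def find_clashes(rows, unique_subject=True):
    """Return serials and DNs that appear on more than one row.

    Assumption: serials must be unique across all rows, while DNs are only
    compared among rows flagged 'V' and only when unique_subject is enabled.
    """
    by_serial, by_dn = defaultdict(list), defaultdict(list)
    for row in rows:
        by_serial[row["serial"]].append(row["line"])
        if row["flag"] == "V":
            by_dn[row["dn"]].append(row["line"])
    serial = {k: v for k, v in by_serial.items() if len(v) > 1}
    subject = {k: v for k, v in by_dn.items() if len(v) > 1}
    return {"serial": serial, "subject": subject if unique_subject else {}}


if __name__ == "__main__":
    print(find_clashes(parse_index(SAMPLE_INDEX)))
```

In the sample, the two valid rows for CN=test are reported, while the revoked row for CN=old does not collide with the later valid one.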