The openssl ca command has a switch -create_serial. This switch allows the
creation of a serialnumber file for certificates. I think it is useful also
for the creation of a crl number file.
Furthemore, if crlnumbers are used then similar to certificates, it
seems useful
to me to have all crls
apps/ca.c has now been changed as suggested; thanks for the patch.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager
Hello,
OpenSSL 0.9.6a and 0.9.7-stable generates CRLs with different
Issuers. While the old version is doing what I believe to be correct,
the stable version uses the CA X.509 certificate issuer instead of the
subject as CRL Issuer.
This patch set the CRL issuer to the value of the X.509
Hello,
OpenSSL 0.9.6a and 0.9.7-stable generates CRLs with different
Issuers. While the old version is doing what I believe to be correct,
the stable version uses the CA X.509 certificate issuer instead of the
subject as CRL Issuer.
This patch set the CRL issuer to the value of the X.509
Here are the diffs I mentioned in an earlier email. To recap:
adds the -notext option to the usage info
adds the -nodb option to avoid recording the cert in the database
adds the -mins option to specify cert expiration in minutes
adds the -find DN option to printthe pathname of a cert
use the standard "strcmp()"-function to compare the
the date-entry in index.txt and the actual date.
That´s all.
I am not an advanced C-programmer so feel free to change everything
or reject it completely ;-)
Hi!
I am trying and actually succeded to pat
some ideas ? Anyway I post the ca.diff patch (use patch -p1 ca.c ca.diff)
so we ca work toghether to the problem.
jfi:
I have seen you already got it. I have missed an "!" in an wrapping if-clause:
+ if ( strncmp( rrow[DB_exp_date], "49", 2 ) = 0 )
+ db_y2
