The included patch fixes the problem where CAserial no longer works.
Note that you now have to give either CAserial or CAcreateserial (or
both) in order to use a serial number file.
The first hunk of the patch fixes the actual bug report. The second hunk
fixes a bug where there is more than one dot in the CAfile path/filename
or the dot is not in the filename but is in a directory name.
Patched against openssl-0.9.7e (sarge)
Tim.
--- x509.c.orig 2005-05-23 23:53:14.000000000 +0100
+++ x509.c 2005-05-24 00:50:52.000000000 +0100
@@ -593,15 +593,17 @@
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
- if (sno == NULL)
+ if (sno == NULL && CAserial==NULL && !CA_createserial)
{
sno = ASN1_INTEGER_new();
if (!sno || !rand_serial(NULL, sno))
goto end;
}
- if (!X509_set_serialNumber(x, sno))
- goto end;
+ if (sno != NULL)
+ if (!X509_set_serialNumber(x, sno))
+ goto end;
+
if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
@@ -1061,12 +1063,16 @@
if (serialfile == NULL)
{
BUF_strlcpy(buf,CAfile,len);
- for (p=buf; *p; p++)
+ for (p=buf+strlen(buf)-1; p>buf; p--)
+ {
+ if (*p == '/')
+ break;
if (*p == '.')
{
*p='\0';
break;
}
+ }
BUF_strlcat(buf,POSTFIX,len);
}
else
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
