Peter Sylvester comments that a -set_serial option got added to x509 -- my systems people somehow think it optional to install man pages, but I did find it using the --help option of the program itself. It is documented in the man page at the openssl web site.
My memory is now that I had to use a file to pass the serial number to "ca" in that long Perl program because OpenSSL expected to increment and write it back, and was unhappy with not being able to write to the read end of the pipe or some such thing.
Though I thought this OS had bidirectional pipes.
Something else to investigate in my copious free time...
Charles B Cranston wrote:
I don't recall why this code uses a temp file for the serial number instead of using another pipe.
# Make serial number as even-number-of-digits hex string and write file
my $hex = sprintf("%lX",$serial); # Convert serial to hex if ( length($hex) % 2 ) { $hex = '0'.$hex; # Requires even num digits! } my $snf = "$tmpdir/pca.serial.$$"; # Serial num file in config file open SERIAL,">$snf"; # Open write to file print SERIAL $hex; # Write serial number to file close SERIAL; # Close file
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
