On Tuesday 15 September 2009 21.49.04 jehan procaccia wrote: > Leif Johansson a écrit : > > On Tuesday 15 September 2009 15.54.33 Jehan PROCACCIA wrote: > >> Le 15/09/2009 09:37, Leif Johansson a écrit : > >>> On Monday 14 September 2009 16.17.26 jehan procaccia wrote: > >>>> Indeed CSP is a version 0.34 since 2007, no updates since then ... > >>>> but perhaps the project is mature and bug free, no evolution needed ? > >>>> is there still someone behind it (leifj at it.su.se is in copie ...) > >>> > >>> I'm le...@sunet.se now but I'm alive. CSP is pretty mature and doesn't > >>> see a lot of development. Reasonably bug-free but feel free to prove > >>> me wrong :) > >>> > >>> Cheers Leif > >> > >> Yes CSP is mature and works perfectly for me, it gives all the feature I > >> need; cli close enough to openssl if we want to dig into it ... and a > >> web publication, thanks again for this great tool. > >> > >> However one thing goes wrong for me, which might be a mis-configuration > >> of me ... > >> > >> Leif, > >> > >> We might continue this thread off-list as the discussion goes more into > >> CSP than openssl ... I end this question here, but you could respond me > >> personnaly if needed ... > >> > >> when I self sign a root CA, the basicConstraints CA:TRUE is not present > >> > >> :-( altough I did sign it with --type=root which I suposed should end up > >> > >> going to extension.conf file parsing the : > >> %ifdef TYPE_CA > >> basicConstraints = critical,CA:TRUE > >> I wonder where and when the types.txt (type "root" is defined there !) > >> file is loaded in the process of self sign, > >> I tried to use CSPDEBUG=1 to see what happened, I did had a > >> /tmp/csp-21399.conf file but it finally deseappeared after the process. > >> if you could clarify me this point it would be perfect . > >> > >> regards . > > > > It does sound like a bug. I assume you got your CSP from the svn ? > > > > Cheers Leif > > Not svn, I got it from ftp://ftp.su.se/pub/users/leifj/ > however, now that I used --type=ca instead of --type=root , I finally > did got basicConstraints = critical,CA:TRUE > but indeed, I though that type=root was the correct type for a root CA, > usage for csp init isn't clear on this : > /usr/local/bin/csp <ca name> init > [--type=<root|ca>] -> means root = ca or root and ca should generate > different types, regarding types.txt : > ca:CA Certificate > root:Self-Signed Root Certificate > In fact I need both ca and root , I manage to add what I wanted in > extension.conf anyway ... > but did I mis-use/mis-configured CSP , or is this a real bug ? > > Regards .
It could be a bug that was already fixed in svn but never released. I'll
investigate.
Cheers Leif
signature.asc
Description: This is a digitally signed message part.
