I'm trying to understand some code someone wrote as a wrapper for the openssl library / tool, with a view to updating it.

I'm completely new to openssl and PKI in general. I found the following docs / references to help navigate, but I wasn't able to find the answer to my question:

http://users.dcc.uchile.cl/~pcamacho/tutorial/crypto/openssl/openssl_intro.html
http://www.madboa.com/geek/openssl/

*GOAL*

What I need to accomplish is to modify some code so that duplicate certs with the same common name and email addresses CANNOT be created if the cert is still active. I am planning on checking the index.txt to see if a cert with the same common name exists, and if it hasn't been revoked, I'll prevent the user from creating it again.

*Problem:*

When I create a certificate using this webtool, I see that the index.txt file in /etc/ssl/ is updated with a record starting with a "V". When I revoke a certificate, the V is changed to R. However, when I delete a certificate, nothing is updated in the index.txt file. The record remains the same; it's not updated with a new status, nor is it deleted from the file.

*QUESTIONS*

Is it a bug that the openssl index.txt file is not updated when a cert is deleted? If it is, what is the command to update the index.txt to remove a cert? Maybe the wrapper is where the problem is ... the developer may have just forgotten to run a command line tool to update the index.txt file? I guess I just don't know how openssl is supposed to handle a cert deletion and therefore I can't tell if I have a bug or not ... and whose bug it is.

Is there a way using the openssl toolset to check for duplicate certs so that I don't have to manually check index.txt?

Thanks for the help.
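The check the question describes (refuse to issue a new cert while an active one with the same common name and email address is on file) can be implemented directly against the CA database. The following is an added example, not code from the question or from the wrapper it describes. It assumes the standard `openssl ca` index.txt layout: one tab-separated record per certificate with the fields status, expiry, revocation, serial, filename, subject, where status is V (valid), R (revoked) or E (expired), dates are `YYMMDDHHMMSSZ` (or the 15-digit GeneralizedTime form), and the subject is written in OpenSSL's oneline `/C=..../CN=..../emailAddress=....` format. The `SAMPLE_INDEX` records, `SAMPLE_NOW` and the function names are constructed for the example.

```python
"""Look up the OpenSSL CA database (index.txt) for an active certificate
with a given Common Name and emailAddress.

Added example; not the wrapper's own code. Assumed index.txt record layout
(openssl ca): status \t expiry \t revocation \t serial \t filename \t subject
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class IndexRecord:
    status: str                 # "V" valid, "R" revoked, "E" expired
    expiry: datetime            # notAfter of the certificate
    revoked: Optional[str]      # revocation time, optionally ",reason"; None if not revoked
    serial: str                 # hex serial number
    filename: str               # usually "unknown"
    subject: str                # oneline DN, e.g. "/C=US/CN=alice/emailAddress=a@example.com"

    def subject_fields(self) -> Dict[str, str]:
        # Split the oneline DN into attribute -> value. Assumes no escaped "/" in values.
        fields: Dict[str, str] = {}
        for component in self.subject.lstrip("/").split("/"):
            if "=" in component:
                key, value = component.split("=", 1)
                fields[key] = value
        return fields


def parse_index_time(value: str) -> datetime:
    # UTCTime YYMMDDHHMMSSZ (13 chars) or GeneralizedTime YYYYMMDDHHMMSSZ (15 chars)
    fmt = "%y%m%d%H%M%SZ" if len(value) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def parse_index(text: str) -> List[IndexRecord]:
    records: List[IndexRecord] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"malformed index.txt record: {line!r}")
        status, expiry, revocation, serial, filename, subject = fields
        records.append(IndexRecord(status, parse_index_time(expiry),
                                   revocation or None, serial, filename, subject))
    return records


def find_active(records: List[IndexRecord], cn: str, email: str,
                now: Optional[datetime] = None) -> List[IndexRecord]:
    """Return records that are still active and match both CN and emailAddress."""
    now = now or datetime.now(timezone.utc)
    hits = []
    for rec in records:
        if rec.status != "V":
            continue                    # R or E: no longer active
        if rec.expiry <= now:
            continue                    # still "V" on disk, but past notAfter
        dn = rec.subject_fields()
        if dn.get("CN") == cn and dn.get("emailAddress") == email:
            hits.append(rec)
    return hits


def can_issue(index_text: str, cn: str, email: str,
              now: Optional[datetime] = None) -> bool:
    """True if no active certificate with this CN and emailAddress exists."""
    return not find_active(parse_index(index_text), cn, email, now)


# Constructed sample database: one valid, one revoked, one expired-but-still-V.
SAMPLE_INDEX = "\n".join([
    "\t".join(["V", "300101000000Z", "", "01", "unknown",
               "/C=US/O=Example/CN=alice/emailAddress=alice@example.com"]),
    "\t".join(["R", "300101000000Z", "240601120000Z,keyCompromise", "02", "unknown",
               "/C=US/O=Example/CN=bob/emailAddress=bob@example.com"]),
    "\t".join(["V", "200101000000Z", "", "03", "unknown",
               "/C=US/O=Example/CN=carol/emailAddress=carol@example.com"]),
])
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample


if __name__ == "__main__":
    for cn, email in [("alice", "alice@example.com"), ("bob", "bob@example.com"),
                      ("carol", "carol@example.com"), ("dave", "dave@example.com")]:
        print(f"{cn:6} {email:20} can issue: {can_issue(SAMPLE_INDEX, cn, email, SAMPLE_NOW)}")
```

Two design points: the check matches on both CN and emailAddress rather than CN alone, because two different people may legitimately share a common name; and a "V" record is only treated as active while its notAfter is in the future, since `openssl ca` leaves expired entries marked V until `openssl ca -updatedb` rewrites them as E. The index only ever records the states V, R and E; a certificate file being removed from disk is not something the database format expresses.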