Le vendredi 6 décembre 2013 à 01:06, Viktor Dukhovni a écrit :
> Except that the answer is wrong if you have the private keys of
> the issuing CA or you're willing to generate a similar new CA whose
> private key you generate. A CA can resign an existing certificate,
> by modifying selected fields, and generating a new signature.
> That's what the code I posted does (it updates only the validity
> interval).
There is something great… It’s that the pkits solution in the SO website, the
certificates in the NIST's « zip file » are exactly the same as my test
certificates T_T
A simple note or README would have been great in the unit test directory -_- .
BTW I’ve noticed that I’ve let a typo in my first post:
- I’m the the
+ I’m not the
> If you don't need to or prefer not to test with your original
> certificates, and are willing to use a different test-rig, then of
> course you can do that.
I need my certs, but besides the « existant » test part, the answer is good
because it prevent me and the future dev of being able to regenerate the
certificates every 10 years. And after having checked, thanks to them, they’ve
already planned that :D (But didn’t wrote it somewhere).
Anyway, I would be glad to try your script anytime, I’ll keep it somewhere (or
in your answer’s uuencoded body)
Thanks a lot
--
Cordialement, Adnan RIHAN.
Directeur-Gérant de Eolis-Software, société de services informatiques.
$this->set("Mobile", "+33 (0) 6 78 62 26 20");
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
