You can subscribe to this list here.
2001 |
Jan
|
Feb
|
Mar
(30) |
Apr
(18) |
May
(19) |
Jun
(19) |
Jul
(18) |
Aug
(90) |
Sep
(78) |
Oct
(166) |
Nov
(43) |
Dec
(19) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(11) |
Feb
(47) |
Mar
(46) |
Apr
(104) |
May
(35) |
Jun
(5) |
Jul
(11) |
Aug
(28) |
Sep
(8) |
Oct
(45) |
Nov
(20) |
Dec
(26) |
2003 |
Jan
(18) |
Feb
(18) |
Mar
(89) |
Apr
(38) |
May
(29) |
Jun
(16) |
Jul
(17) |
Aug
(11) |
Sep
(62) |
Oct
(23) |
Nov
(23) |
Dec
(23) |
2004 |
Jan
(96) |
Feb
(27) |
Mar
(28) |
Apr
(48) |
May
(47) |
Jun
(48) |
Jul
(142) |
Aug
(170) |
Sep
(94) |
Oct
(50) |
Nov
(130) |
Dec
(58) |
2005 |
Jan
(22) |
Feb
(131) |
Mar
(78) |
Apr
(50) |
May
(42) |
Jun
(77) |
Jul
(82) |
Aug
(70) |
Sep
(53) |
Oct
(36) |
Nov
(26) |
Dec
(44) |
2006 |
Jan
(22) |
Feb
(22) |
Mar
(4) |
Apr
(1) |
May
(15) |
Jun
(3) |
Jul
(5) |
Aug
(12) |
Sep
(14) |
Oct
(3) |
Nov
(1) |
Dec
(1) |
2007 |
Jan
(7) |
Feb
(4) |
Mar
(1) |
Apr
(2) |
May
(15) |
Jun
(7) |
Jul
(5) |
Aug
(1) |
Sep
(1) |
Oct
(6) |
Nov
(1) |
Dec
(9) |
2008 |
Jan
(1) |
Feb
(3) |
Mar
(3) |
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
(3) |
Sep
(1) |
Oct
(9) |
Nov
(3) |
Dec
(14) |
2009 |
Jan
(8) |
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
(5) |
Jun
(3) |
Jul
(1) |
Aug
|
Sep
(2) |
Oct
(3) |
Nov
(6) |
Dec
|
2010 |
Jan
(2) |
Feb
(6) |
Mar
(4) |
Apr
(1) |
May
(2) |
Jun
(1) |
Jul
(1) |
Aug
(2) |
Sep
(18) |
Oct
(9) |
Nov
(2) |
Dec
(1) |
2011 |
Jan
(1) |
Feb
(2) |
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
2013 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
|
Jun
(2) |
Jul
(4) |
Aug
(2) |
Sep
(11) |
Oct
(1) |
Nov
|
Dec
(9) |
2014 |
Jan
(1) |
Feb
(2) |
Mar
(2) |
Apr
(1) |
May
(4) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(4) |
Nov
(1) |
Dec
(2) |
2015 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Bry8 S. <bry...@ya...> - 2013-02-13 08:29:55
|
Hi, From this below webpage: http://www.openca.org/projects.shtml I'm trying to download this below repo file: http://ftp.openca.org/openca-yum-repos/openca-yum-repos-0.0.1-1.el.noarch.rpm But its not working ! Alternatively, can you please show simple code lines in that webpage ? for manually creating the repo file "openca.repo" in /etc/yum.repos.d/openca.repo What "baseurl" are we suppose to use ? Inside your repo, do you release SRPM as well along with OpenCA RPM ? Is it for EL5 or EL6 ? (Trying to use it on 32-bit CentOS 6.3 (it is based on RHEL / EL 6.3) Please see this issue(s) and solve/fix it, THANKS in advance, -- Bright Star. |
From: Carlos V. <car...@ni...> - 2012-09-24 16:19:41
|
Hi, Here is a patch for openca-base 1.3.0 Usually OpenCA uses external perl modules (DBI, DBD...) built for use only with OpenCA. I think this is for "stability" of OpenCA works, as these module versions are tested. However these modules are updated more often than OpenCA, so OpenCA uses old versions and they tend to not build fine in modern perl versions or they give incompatibilities with another modules. So, this patch makes OpenCA to ignore these modules and then the perl system-wide modules are used, and system-wide modules can be upgraded easily using cpan/cpanp. Then the required modules are listed in src/ext-modules directory: Authen-SASL-2.15.tar.gz Bit-Vector-7.1.tar.gz CGI-Session-4.48.tar.gz CGI.pm-3.49.tar.gz CGI.pm-3.59.tar.gz Convert-ASN1-0.22.tar.gz DBD-Pg-2.19.2.tar.gz DBD-mysql-4.020.tar.gz DBI-1.618.tar.gz DB_File-1.826.tar.gz Digest-HMAC-1.03.tar.gz Digest-MD5-2.51.tar.gz Digest-SHA-5.71.tar.gz Digest-SHA1-2.13.tar.gz FCGI-0.74.tar.gz File-Temp-0.22.tar.gz IO-Socket-SSL-1.31.tar.gz IO-stringy-2.110.tar.gz MIME-Base64-3.13.tar.gz MIME-Lite-3.027.tar.gz MIME-tools-5.502.tar.gz MailTools-2.09.tar.gz Net-SSLeay-1.40.tar.gz Net-Server-0.99.tar.gz Parse-RecDescent-1.94.tar.gz URI-1.52.tar.gz X500-DN-0.29.tar.gz XML-Parser-2.36.tar.gz XML-Parser-2.41.tar.gz XML-SAX-Base-1.08.tar.gz XML-Twig-3.39.tar.gz libintl-perl-1.20.tar.gz perl-ldap-0.43.tar.gz Ignoring versions, these modules must be installed in system-wide perl for OpenCA to work fine. Using system-wide modules has the drawback that OpenCA code can need modification if any of these modules is changed and any incompatibility can arise. Regards, Carlos Velasco |
From: Carlos V. <car...@ni...> - 2012-09-24 16:08:40
|
Hi, Here are two patches for openca-base 1.3.0. They fix memory leaks in: 1. DBI simple bug with debug sub adding strings but never freeing (printing). 2. Several leaks in XS Openssl.xs. Structures didn't have any destructor (DESTROY) function and some frees were missing, so any call to Openssl was really a leak for sure. These leak fixes are very important for auto daemons, like autoCRL, where I found 1 autoCRL process eating 50% of my machine memory over time...... The Openssl.xs patch is good using openssl 1.0.1 but not sure if it works in 0.9.8 without touching it a bit, as I only used 1.0.1 versions while searching for the leaks. Included in this, there is a new ppport.h file, created with a recent perl module. Included in openca package was very old. IMHO these patches are a must for a stable OpenCA. PS: I know Max is in NY now... but is he still online? There are a lot of patches that should be commited. Regards, Carlos Velasco |
From: Tim R. <ti...@mu...> - 2011-04-15 15:56:57
|
On Fri, 15 Apr 2011, ÖÜÏàÖÙ wrote: > Hi dear, I'm develop with opencaPKI 1.1.1 on ubuntu 10.04 LTS [snip] > I'm intending to install the offline component on the same system as online component. Having been down that road with the 1.1.0 code I'd say save yourself a lot of grief and use different computers for offline and online components. -- Tim Rice Multitalents (707) 887-1469 ti...@mu... (707) 456-1146 |
From: 周相仲 <zho...@ye...> - 2011-04-15 15:33:26
|
Hi dear, I'm develop with opencaPKI 1.1.1 on ubuntu 10.04 LTS and when "PREFIX/etc/openca/configure_etc.sh" is excuted, it shows: Error while loading configuration (/usr/local/etc/openca/servers/node.conf)!Content-type: text/html While I check the folder "servers" there is no file named node.conf... Here is the process: ------------------------------------------------------------------------------------------------------------------- ./configure --with-node-prefix=online-node --with-db-type=mysql --with-db-name=cadatabase --with-db-user=cadmin --with-db-passwd=cadmin make make test (some problems with initDB and User.pm occurs and I've found issues on opencaPKI Wiki) sudo make install-online ------------------------------------------------------------------------------------------------------------------------ I'm intending to install the offline component on the same system as online component. Can anyone help me out? I'm a green hand on openca. Thanks a lot!! -- 周相仲13811100214 |
From: Szabó Á. <aro...@eg...> - 2011-04-13 08:48:36
|
Dear Members, could someone show me a patch or explain me where (in which file) to modify the code or how to fix startAutoCRL errors in OpenCA v1.1.0? I use it on Debian Lenny. I've found the notices (published on 2010-02-22) about fixing these errors in connection with DB-handlers, but I can not update the OpenCA now, therefore I have to fix these problems in the v1.1.0 version. --- * Feb 22 2010 Massimiliano Pala <ma...@op...> -Fixed startAutoCA, startAutoCRL, and startAutoEmail (lost db handler) --- It is very slow to debug the system, because the startAutoCRL runs for apprx. 2-6 days, and after that it suddenly stops (in the logfiles I see the mentioned DB-handling errors). First I thought that the reason is some kind of sessionId which can be destroyed e.g. during an Apache2 restart (enforced by logrotate.d script every week), but I am not sure... Thanks in advance! Aron Szabo E-Group Hungary |
From: Massimiliano P. <pro...@op...> - 2011-02-12 00:47:30
|
Dear OpenCA Community, The OpenCA Labs and the OCSPD Team announce the availability of the new version of the OCSPD package (Ellie/v2.1.0). Project Overview: ================= The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs. The OCSP Responder is an rfc2560 compliant OCSPD responder. The purpose of such a server is to provide an on-line tool to verify the revocation status of a X.509 certificate in applications such as Browsers. Major Improvements over Previous Release (v2.0.0) are: ====================================================== o Updated default configuration files (default passin set to none) o Enhanced support for ECDSA support, updated thread management with builtin support from LibPKI 0.6.3 o Fixed start/stop script, fixed a memory error in config.c causing segfault on CRL reload o Deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the response) o Fixed an error in return code check for PKI_NET_listen o Fixed error in config parsing when no bind address was provided. Project Status: =============== [11 Feb 2011] OpenCA OCSPD v2.1.0 (Ellie) is released [17 Nov 2010] OpenCA OCSPD version 2.0.0 is released [21 Oct 2006] OpenCA OCSPD version 1.5.1 rc1 is available [19 Jul 2006] OpenCA OCSPD version 1.1.1 is released Project developers' Tasks: ========================== Massimiliano Pala is currently working on: o Enhancing support for ECDSA;; o Debugging; Open Issues: ============ o Wishes: ======= o References: =========== The OpenCA Project main website can be found at http://www.openca.org/ You can find all current versions and available documentation there. You can also download any part of the software or documentation also at the official ftp site: http://www.openca.org/projects/ocspd http://ftp.openca.org/ocspd or from one of the official mirrors: http://www.openca.org/mirrors.shtml Thanks ====== Thank you for supporting the Open Source community by using/contributing to/ reporting bugs/cheering this project! Now go ahead and actively contribute to make the world a better place! OpenCA Labs Director, Massimiliano Pala, Ph.D |
From: Massimiliano P. <pro...@op...> - 2011-02-11 16:43:14
|
Dear OpenCA Community, The OpenCA Labs and the LibPKI Team announce the availability of the new version of the LibPKI package (Viper/v0.6.3). Project Overview: ================= The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI enabled application development. The library provides the developer with functionalities to manage Public Key Certificates, from generation to validation. The LibPKI Project enables developers with the possibility to implement complex cryptographic operations with a few simple library calls by implementing an high-level cryptographic API. The library constitutes the core of many other projects at OpenCA Labs (e.g., PRQP Server, OCSP Responder, and OpenCA-NG). We provide it as a separate package to enable application developers to easily integrate X509 digital certificates in their own applications. Currently we support for OpenSSL libraries as low-level crypto provider. Project Status: =============== o [10 Feb 2011] v0.6.3/Viper release is available for download o [17 Nov 2010] v0.6.1/Turkey release is available for download o [02 Sep 2010] v0.5.1/zoiberg release is available for download o [27 Aug 2010] v0.5.0/lulu release is available for download o [24 Mar 2010] v0.4.1/tiger2 release available for download o [19 Apr 2009] v0.3.0/tiger release available for download o [16 Jan 2009] v0.2.0/shark release available for download o [20 Mar 2008] Third release available for download (libpki v0.1.9) o [25 Oct 2007] Second release available for download (libpki v0.1.8) o [23 Mar 2007] First initial code available for download (libpki v0.1.1) Major Changes and Fixes: ======================== o Added pki-cert tool to view/manipulate certificates o Added PKI_ALGORITHM data structures for initializing X509 algorithm identifiers o Fixed name comparison for certificate profile loading o Fixed URL input management for stdin, stdout, stderr file stream o Fixed rpath config on Solaris/OpenSolaris o Added PKI_KEYPARAMS structure to pass key generation parameters to HSMs o Added compressed/uncompressed encoding options for EC keys o Fixed default validity in pki-tool o Added profile/keyParams section parsing in profiles configuration files (PKI_TOKEN) o Updated default key min/suggested sizes o Improved pki-tool command line tool (added params for EC key generation, better -batch handling) o Extended no-case keyUsage and extendedKeyUsage extension parsing in profiles o Fixed return code in PKI_NET_Listen(). Now it returns PKI_ERR in case of errors or the socket number (e.g., int > 2 ). o Fix in PKI_X509_OCSP_RESP_STATUS definition o Fix in token.c (load config) o Extended ECDSA support (configuration option) and fixed ECDSA get Algorithm by Name (now working with ECDSA-SHA1, ECDSA-SHA256,...) o New library versioning Current Project developers' Tasks: ================================== Massimiliano Pala is currently working on: - Enhancing support for ECDSA; - Enhancing support for PKCS#11 devices (DSA and ECDSA); - Extending the Log subsystem to provide signed and verifiable logs; - Enhancing the PKI_MSG interface Open Issues: ============ o Extensions management is still not stable for complex exts, the code needs to be checked and extended o Support for NSS crypto layer still pending o Porting to Win32 (provide support for Microsoft Crypto API) Wishes: ======= o Let us know (!) References: =========== The OpenCA Project main website can be found at http://www.openca.org/ You can find all current versions and available documentation there. You can also download any part of the software or documentation also at the official ftp site: http://www.openca.org/projects/libpki http://ftp.openca.org/libpki or from one of the official mirrors: http://www.openca.org/mirrors.shtml Thanks ====== Thank you for supporting the Open Source community by using/contributing to/ reporting bugs/cheering this project! Now go ahead and actively contribute to make the world a better place! OpenCA Labs Director, Massimiliano Pala, Ph.D |
From: Daniel A. <dan...@is...> - 2011-01-27 20:43:03
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I had problems with UTF8 strings in advanced_csr displaying wrong characters in the browser (?) on non "standard" characters, that resulted in bloated CSRs. This happened only in the DN entry (O and C attributes), these wrong strings resulted from the XML parser when parsing browser_req.xml (and probably other xml utf8 encoded files), that wasn't giving strings in utf8. The form hidden fields had already the encoding error, wrong values were being submited by the user. All input that came from the user browser input appeared to be properly UTF-8 encoded. My config files are all in UTF-8, so there must had to be a double encoding problem, encoding conversion problem or something like that. Checked the database and DBI, but the problem wasn't there... I found that this could be solved by appending a hard-coded hidden attribute in openca-1.1.1/lib/openca/cmds/advanced_csr +356 $hidden_list->{"O"} = "Instituto Superior Técnico"; As this was not they right way to solve it, I digged it a little further, finding out that the problem was in the XML parser XML::Twig, that wasn't mantaining the original utf8 encoding from XML configuration files. I solved it by passing the keep_encoding argument, to the XML::Twig constructor: openca-1.1.1/lib/openca/functions/rbac-utils.lib:115: my $twig_config = new XML::Twig('keep_encoding' => 1); There are other occurrences of this constructor, I think these should also respect the XML parsed file encoding: openca-1.1.1/lib/openca/perl_modules/perl5/OpenCA/Log/Message.pm:147: $self->{twig} = new XML::Twig('keep_encoding' => 1); openca-1.1.1/lib/openca/perl_modules/perl5/OpenCA/XML/Cache.pm:427: $self->{CACHE}->{$filename} = new XML::Twig('keep_encoding' => 1); openca-1.1.1/lib/openca/perl_modules/perl5/OpenCA/Tools.pm:440: $self->{twig} = new XML::Twig('keep_encoding' => 1); I don't know if this is the best way to solve this problem, but it does the job. I think this might solve some other problems in OpenCA with strange characters (?), as long as XML configuration files have the right encoding. By the way I'm using Debian 6.0 / squeeze. Cheers, Daniel Almeida DSI/Instituto Superior Técnico -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1B0E8ACgkQ/OHAq1+3BPUy8gCgv3eRM5zZGFWDAeztcVWBeNuy m3EAnixdffycS3JQO+pn+rtWonARaE2M =OlIu -----END PGP SIGNATURE----- |
From: Dirk G. <go...@et...> - 2010-12-22 11:03:23
|
Hello, I installed ocspd-1.9.0 on my gentoo system and had some problems with it: * When I left out a server_cert in the one and only CA section (dbms_file) of the configfile, ocspd skipped that section and could not answer requests for that CA. * When I specified a server_cert I got segmentation faults caused by line 735 of src/hash-db.c. I had a closer look at what is going on and the following patch solves my problems: diff --git a/src/hash-db.c b/src/hash-db.c index 0528d35..5dc27c8 100644 --- a/src/hash-db.c +++ b/src/hash-db.c @@ -727,8 +727,9 @@ STACK_OF(CA_ENTRY_CERTID) *ocspd_CA_ENTRY_CERTID_new ( if( cid ) OPENSSL_free (cid); return (NULL); }; - cid->hashAlgorithm = (X509_ALGOR *) OBJ_nid2obj(nid); - if(cid->hashAlgorithm == NULL) { + cid->hashAlgorithm = X509_ALGOR_new(); + cid->hashAlgorithm->algorithm = OBJ_nid2obj(nid); + if(cid->hashAlgorithm->algorithm == NULL) { if( cid ) OPENSSL_free (cid); return (NULL); }; Version 2.0.0 still has similar code in src/ocspd/config.c and probably it also needs some handling. Currently, I cannot test version 2.0.0 as I do not yet understand how all the new configfiles work together. Best regards, Dirk |
From: Massimiliano P. <Massimiliano.Pala@Dartmouth.edu> - 2010-11-17 23:06:19
|
OpenCA OCSPD Project Overview: ============================== The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs. The OCSP Responder is an rfc2560 compliant OCSPD responder. The purpose of such a server is to provide an on-line tool to verify the status of a certificate (such as Mozilla/Firefox/Netscape7). The Responder was included into the main OpenCA distribution package. It is also possible to install the daemon as a stand-alone application, all you will need is a CRL (or access to an LDAP server where to get the CRL from). Project Status: =============== OpenCA OCSPD version 2.0.0 Status: Released [17 Nov 2010] OpenCA OCSPD version 1.9.0 Status: rc1 available [21 Oct 2006] OpenCA OCSPD version 1.5.1 Status: rc1 available [21 Oct 2006] OpenCA OCSPD version 1.1.1 Status: Released [19 Jul 2006] Project developers' Tasks: ========================== Massimiliano Pala is currently working on: o Multiple certificate/keys usage for different CA o LibPKI v0.6.0 support o Harware support (PKCS#11, OpenSSL Engine) o Support for POST and GET HTTP methods o Support for EC key/certificates (if supported by installed OpenSSL) Open Issues: ============ o Better compliance to RFC-2560 in case multiple CAs are configured Wishes: ======= o References: =========== The OpenCA Project main website can be found at http://www.openca.org. You can find all current versions and available documentation there. You can also download any part of the software or documentation also at the official ftp site: ftp://ftp.openca.org or from one of the official mirrors: http://www.openca.org/mirrors.shtml |
From: Massimiliano P. <Massimiliano.Pala@Dartmouth.edu> - 2010-11-17 21:30:49
|
Hello, sorry for the delay, but I am very busy in this period. I just updated the LibPKI package to support IPv6. I completed the tests, so the new version v2.0.0 of OCSP which I will publish quite soon, is IPv6 capable (and tested). It will require LibPKI v0.6+. Cheers, Max On 11/12/2010 04:40 AM, Santhana Krishnan Narayanan (santhnar) wrote: > Hi, > > I was trying to use OpenCA OCSP service for some testing with Ipv6. I > would like to know if Ipv6 is supported. |
From: Massimiliano P. <Massimiliano.Pala@Dartmouth.edu> - 2010-10-09 14:29:47
|
Dear Rodrigo, thanks for the updates. The procedures for providing the translation for the 1.1.0+ version of OpenCA have not changed since the 0.9.2. Although you might need to update your translation file with the new text. Please, send the translation file back to me, I will add it to the distribution. For your question about compiling OpenCA, can you be more specific ? In particular compiling OpenCA from sources should be easy. On many systems just using './configure && make && make install-[offline|online]' should work. Remember to install the openssl-devel packages (the .h files are required to compile some of the tools used in openca). Later, Max On 10/07/2010 02:53 PM, Rodrigo Raiher wrote: > Dear Friend, > > O work to a brazilian government, in Rio de Janeiro. > > We use the OpenCA as a private PKI, with non profit, just to be green > compliance. > > I have an OpenCA server working with version 0.9.2.5, and I have the > traduction the screens to brazilian portuguese language. > The PKI is working on a SUN UltraSparc Hardware, with 2 Servers (AR and > AC), each one with a separate DB, with the Debian Etch 4.0. > > So, now I have to build a new PKI in a VMWare Machines, using Debian > Lenny 5.0. > A have installed Openldap, Openssl, mod_ssl, Apache 2.2, Perl, > OpenCa-Tools, GCC, and some other libs to compile the same version of > OpenCA, 0.9.2.5, because I need it in my local language, brazilian > portuguese, with the documentation I´ve done for it. > > O know the actual version of OpenCA is 1.1.0, but have not yet my > language (brazilian portuguese) available for install. > > Do you know if I can use my traduction files (0.9.2.5) on the new > version 1.1.0, and how to do this? > > Another question is, what is required to compile the OpenCA from > sources, because I have many erros in the script. > > I can send you my traduction files in brazilian portuguese, to > contribute with the project. > > Thank you very much for help. > > -- > Rodrigo Raiher > +55 21 2333-1469 -- Best Regards, Massimiliano Pala --o------------------------------------------------------------------------ Massimiliano Pala [OpenCA Project Manager] op...@ac... pro...@op... Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332 PKI/Trust Laboratory Work Phone: +1 (603) 646-8734 --o------------------------------------------------------------------------ People who think they know everything are a great annoyance to those of us who do. -- Isaac Asimov |
From: Ralf H. M. <ra...@be...> - 2010-10-05 16:18:35
|
Hooman Taherinia <ho...@gm...> wrote: > Thanks a lot; I tried lower versions of OpenSSL (0.9.7m) and it went well. You'd rather use at least 0.9.8 unless you don't need UTF8 encoded certificates. Ralf |
From: Hooman T. <ho...@gm...> - 2010-10-05 15:48:17
|
Thanks a lot; I tried lower versions of OpenSSL (0.9.7m) and it went well. Hoomant On Tue, Oct 5, 2010 at 6:55 PM, Tim Rice <ti...@mu...> wrote: > On Tue, 5 Oct 2010, Ralf Hornik Mailings wrote: > > > Tim Rice <ti...@mu...> wrote: > > > > > For OpenSSL 1.0.0a you will need the atached patch. > > > Untar openca-base-1.1.0/src/ext-modules/Net-SSLeay-1.36.tar.gz, patch > > > and tar it back up. Then try building OpenCA. > > > > I'd recomment for modules like SSLeay or similar always to use the > > ones shipped by CPAN (or apt as well). > > This modules are well tested to work with the corresponding openssl > > version and will not break your system during duplicate or > > incompatible module versions. > > A good tip in the general sense. In this paticular case, > http://search.cpan.org/dist/Net-SSLeay/ indicates that Net-SSLeay-1.36 > is the current version. Net-SSLeay-1.36 will not build against > OpenSSL 1.0.0a without patching. After much googling, I found the > patch on one of the redhat mailing lists. > > > > > Regards > > Ralf > > -- > Tim Rice Multitalents (707) 887-1469 > ti...@mu... > > > > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > OpenCA-Devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openca-devel > -- "Great spirits have always encountered violent opposition from mediocre minds." -- Albert Einstein |
From: Tim R. <ti...@mu...> - 2010-10-05 15:25:15
|
On Tue, 5 Oct 2010, Ralf Hornik Mailings wrote: > Tim Rice <ti...@mu...> wrote: > > > For OpenSSL 1.0.0a you will need the atached patch. > > Untar openca-base-1.1.0/src/ext-modules/Net-SSLeay-1.36.tar.gz, patch > > and tar it back up. Then try building OpenCA. > > I'd recomment for modules like SSLeay or similar always to use the > ones shipped by CPAN (or apt as well). > This modules are well tested to work with the corresponding openssl > version and will not break your system during duplicate or > incompatible module versions. A good tip in the general sense. In this paticular case, http://search.cpan.org/dist/Net-SSLeay/ indicates that Net-SSLeay-1.36 is the current version. Net-SSLeay-1.36 will not build against OpenSSL 1.0.0a without patching. After much googling, I found the patch on one of the redhat mailing lists. > > Regards > Ralf -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |
From: Ralf H. M. <ra...@be...> - 2010-10-05 14:15:16
|
Tim Rice <ti...@mu...> wrote: > For OpenSSL 1.0.0a you will need the atached patch. > Untar openca-base-1.1.0/src/ext-modules/Net-SSLeay-1.36.tar.gz, patch > and tar it back up. Then try building OpenCA. I'd recomment for modules like SSLeay or similar always to use the ones shipped by CPAN (or apt as well). This modules are well tested to work with the corresponding openssl version and will not break your system during duplicate or incompatible module versions. Regards Ralf |
From: Tim R. <ti...@mu...> - 2010-10-05 13:36:40
|
On Mon, 4 Oct 2010, Hooman Taherinia wrote: > I've tried it with OpenSSL 1.0.0a and OpenSSL 0.9.8k-7ubuntue8.1! > Do you think this is the problem? For OpenSSL 1.0.0a you will need the atached patch. Untar openca-base-1.1.0/src/ext-modules/Net-SSLeay-1.36.tar.gz, patch and tar it back up. Then try building OpenCA. > I'll try lower versions compatible with OpenCA v1.1.0; > BTW, my Open CA Tools version is 1.3.0. > > On Sun, Oct 3, 2010 at 10:55 PM, Tim Rice <ti...@mu...> wrote: > > > On Sun, 3 Oct 2010, Hooman Taherinia wrote: > > > > > I did build "Open SSL", "DBI", and "Open CA Tools" successfully; > > configured > > > the Open CA completely! But when I try to "make" Open CA,, I get stuck on > > > building "Net::SSLeay::136" module saying: > > > > > > Building (Net::SSLeay::136) ... ERROR::Can not build module > > > make[6]: *** [Net-SSLeay-1.36] Error 1 > > > make[5]: *** [modules] Error 1 > > > > What version of OpenSSL do you have on your machine? > > -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |
From: Hooman T. <ho...@gm...> - 2010-10-04 08:53:36
|
I've tried it with OpenSSL 1.0.0a and OpenSSL 0.9.8k-7ubuntue8.1! Do you think this is the problem? I'll try lower versions compatible with OpenCA v1.1.0; BTW, my Open CA Tools version is 1.3.0. On Sun, Oct 3, 2010 at 10:55 PM, Tim Rice <ti...@mu...> wrote: > On Sun, 3 Oct 2010, Hooman Taherinia wrote: > > > I did build "Open SSL", "DBI", and "Open CA Tools" successfully; > configured > > the Open CA completely! But when I try to "make" Open CA,, I get stuck on > > building "Net::SSLeay::136" module saying: > > > > Building (Net::SSLeay::136) ... ERROR::Can not build module > > make[6]: *** [Net-SSLeay-1.36] Error 1 > > make[5]: *** [modules] Error 1 > > What version of OpenSSL do you have on your machine? > > -- > Tim Rice Multitalents (707) 887-1469 > ti...@mu... > > > > > ------------------------------------------------------------------------------ > Virtualization is moving to the mainstream and overtaking non-virtualized > environment for deploying applications. Does it make network security > easier or more difficult to achieve? Read this whitepaper to separate the > two and get a better understanding. > http://p.sf.net/sfu/hp-phase2-d2d > _______________________________________________ > OpenCA-Devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openca-devel > -- "Great spirits have always encountered violent opposition from mediocre minds." -- Albert Einstein |
From: Tim R. <ti...@mu...> - 2010-10-03 19:25:51
|
On Sun, 3 Oct 2010, Hooman Taherinia wrote: > I did build "Open SSL", "DBI", and "Open CA Tools" successfully; configured > the Open CA completely! But when I try to "make" Open CA,, I get stuck on > building "Net::SSLeay::136" module saying: > > Building (Net::SSLeay::136) ... ERROR::Can not build module > make[6]: *** [Net-SSLeay-1.36] Error 1 > make[5]: *** [modules] Error 1 What version of OpenSSL do you have on your machine? -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |
From: Hooman T. <ho...@gm...> - 2010-10-03 17:20:29
|
Hi, Thanks for the great software. I've been trying to install and build Open CA on my newly installed Ubuntu 10.04. I followed the "INSTALL" guides, referring to the "INSTALL" file, also "Installation" guidelines of the wiki and many others. But I can't "make" the Open CA yet. I did build "Open SSL", "DBI", and "Open CA Tools" successfully; configured the Open CA completely! But when I try to "make" Open CA,, I get stuck on building "Net::SSLeay::136" module saying: Building (Net::SSLeay::136) ... ERROR::Can not build module make[6]: *** [Net-SSLeay-1.36] Error 1 make[5]: *** [modules] Error 1 make[4]: *** [__install_dir] Error 2 make[3]: *** [ext-modules] Error 2 make[2]: *** [__install_dir] Error 2 make[1]: *** [src] Error 2 make: *** [__install_dir] Error 2 I've read in the mailing list archive that "--disable-external-modules" won't leave Net-SSLeay, and I know why. But I don't know what should I do to get Open CA up and running on my Linux! Can anyone help me with this? P.S.: I've downloaded the SRC, for both OpenCA and OpenCA Tools. I've tried their installations on another machine and tried them! SO THE ISSUE IS NOT BECAUSE OF MY MACHINE. Also have tried Ubuntu's pre-installed OpenSSL/DBI, but nothing seems to be an issue! Regards, Hoomant -- "Great spirits have always encountered violent opposition from mediocre minds." -- Albert Einstein |
From: Tim R. <ti...@mu...> - 2010-09-19 19:28:41
|
Solaris 10 (SPARC) openca-base-1.1.0 with patches at http://mm.cs.dartmouth.edu/wiki/index.php/OpenCA_PKI_v1.1.0 Postgress back end I'm attempting to track down a bug in the backup/restore routines on the node interface. On the CA side, if I backup the database, initialize the database, and restore the database, all the valid certificates are now revoked. If I untar the file used to restore into a temp directory and then do another backup and untar it into another directory, I can do a gdiff -ru and see things like this .......... diff -ru good/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem bad/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem --- good/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem 2010-09-19 10:02:36.000000000 -0700 +++ bad/CA_CERTIFICATE/VALID/c2612d9e93024b7e82d791113e836c661366cf43.pem 2010-09-19 10:12:11.000000000 -0700 @@ -1,5 +1,6 @@ -----BEGIN HEADER----- CSR_SERIAL=-1 +EXPIRED_AFTER=Sun Sep 19 17:11:05 2010 -----END HEADER----- -----BEGIN CERTIFICATE----- .......... and this .......... diff -ru good/CERTIFICATE/VALID/195722417019527870820884.pem bad/CERTIFICATE/VALID/195722417019527870820884.pem --- good/CERTIFICATE/VALID/195722417019527870820884.pem 2010-09-19 10:02:41.000000000 -0700 +++ bad/CERTIFICATE/VALID/195722417019527870820884.pem 2010-09-19 10:12:16.000000000 -0700 @@ -1,6 +1,7 @@ -----BEGIN HEADER----- PIN=1bcbb068fb9ed4189ab745ed3e954e011f208f81 CSR_SERIAL=256 +REVOKED_AFTER=Sun Sep 19 17:11:36 2010 LOA=3 ROLE=User -----END HEADER----- .......... The dates on the EXPIRED_AFTER= and REVOKED_AFTER= lines are always the time of restore. Any idea which file (program) is adding these on restore? I also noticed the the initialize database option in the Backup/Restore menu did not have the mode=FORCE option. Was this intended? Thanks. -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |
From: Tim R. <ti...@mu...> - 2010-09-15 00:52:56
|
# # src/common/etc/auth_browser_req.xml.template # organization and country was hard coded. generate values from config.xml # --- openca-base-1.1.0/src/common/etc/auth_browser_req.xml.template.old 2008-10-02 20:12:24.000000000 -0700 +++ openca-base-1.1.0/src/common/etc/auth_browser_req.xml.template 2010-09-14 17:40:14.988320003 -0700 @@ -177,11 +177,11 @@ and the value --> <rdn> <name>O</name> - <value>OpenCA</value> + <value>@ca_organization@</value> </rdn> <rdn> <name>C</name> - <value>US</value> + <value>@ca_country@</value> </rdn> </basedn> <dn> -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |
From: Tim R. <ti...@mu...> - 2010-09-05 22:22:31
|
# # undo-2008-Aug-08-sha256.patch # # Undo 2008-Aug-08: # * Changed the default digest algorithm to sha256 (instead of sha1) # # src/common/etc/openssl/openssl.cnf.in # src/common/etc/openssl/openssl/RA_Operator.conf.in # src/common/etc/openssl/openssl/PRQP_Server.conf.in # src/common/etc/openssl/openssl/Domain_Controller.conf.in # src/common/etc/openssl/openssl/Mail_Server.conf.in # src/common/etc/openssl/openssl/Web_Server.conf.in # src/common/etc/openssl/openssl/VPN_User.conf.in # src/common/etc/openssl/openssl/User.conf.in # src/common/etc/openssl/openssl/VPN_Server.conf.in # src/common/etc/openssl/openssl/OCSP_Server.conf.in # src/common/etc/openssl/openssl/CA_Operator.conf.in # src/common/etc/openssl/openssl/Sub-CA.conf.in # src/common/etc/openssl/openssl/Cross_CA.conf.in # src/common/etc/openssl/sample-openssl.conf.in # src/modules/openca-openssl/OpenSSL.pm # src/modules/openca-openssl/test/openssl_test.pl # src/common/lib/locale/de_DE/openca.po # src/common/lib/locale/el_GR/openca.po # src/common/lib/locale/en_GB/openca.po # src/common/lib/locale/es_ES/openca.po # src/common/lib/locale/fr_FR/openca.po # src/common/lib/locale/it_IT/openca.po # src/common/lib/locale/ja_JP/openca.po # src/common/lib/locale/openca-xgettext.pot # src/common/lib/locale/openca.pot # src/common/lib/locale/pl_PL/openca.po # src/common/lib/locale/pot/modules.pot # src/common/lib/locale/pt_PT/openca.po # src/common/lib/locale/ru_RU/openca.po # src/common/lib/locale/sl_SI/openca.po # some currenty shipping systems use openssl-0.9.7 which doesn't # understand sha256. # make default_md sha1 so things work with older openssl. # --- openca-base-1.1.0/src/common/etc/openssl/openssl.cnf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl.cnf.in 2010-08-15 12:59:52.149999002 -0700 @@ -68,7 +68,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -102,7 +102,7 @@ [ req ] default_bits = 1024 default_keyfile = privkey.pem -default_md = sha256 +default_md = sha1 distinguished_name = req_distinguished_name attributes = req_attributes # x509_extensions = v3_ca # The extentions to --- openca-base-1.1.0/src/common/etc/openssl/openssl/RA_Operator.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/RA_Operator.conf.in 2010-08-15 16:30:22.245919036 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/PRQP_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/PRQP_Server.conf.in 2010-08-15 16:30:22.245919044 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Domain_Controller.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Domain_Controller.conf.in 2010-08-15 16:30:22.245919052 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Mail_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Mail_Server.conf.in 2010-08-15 16:30:22.255919003 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Web_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Web_Server.conf.in 2010-08-15 16:30:22.255919011 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_User.conf.in.old 2010-02-22 17:35:31.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_User.conf.in 2010-08-15 16:30:22.255919019 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/User.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/User.conf.in 2010-08-15 16:30:22.255919027 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_Server.conf.in 2010-08-15 16:30:22.275919003 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/OCSP_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/OCSP_Server.conf.in 2010-08-15 16:30:22.275919011 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/CA_Operator.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/CA_Operator.conf.in 2010-08-15 16:30:22.275919019 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Sub-CA.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Sub-CA.conf.in 2010-08-15 16:30:22.275919027 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Cross_CA.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Cross_CA.conf.in 2010-08-15 16:30:22.275919035 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/sample-openssl.conf.in.old 2008-08-08 16:44:05.000000000 -0700 +++ openca-base-1.1.0/src/common/etc/openssl/sample-openssl.conf.in 2010-08-15 16:30:22.275919043 -0700 @@ -58,7 +58,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/modules/openca-openssl/OpenSSL.pm.old 2010-02-22 19:29:55.000000000 -0800 +++ openca-base-1.1.0/src/modules/openca-openssl/OpenSSL.pm 2010-08-15 16:30:22.285919018 -0700 @@ -1629,7 +1629,7 @@ my ( $command, $ret ); - $alg = "sha256" if( not $alg ); + $alg = "sha1" if( not $alg ); if (not $data) { $self->setError (7751011, --- openca-base-1.1.0/src/modules/openca-openssl/test/openssl_test.pl.old 2008-08-08 16:44:06.000000000 -0700 +++ openca-base-1.1.0/src/modules/openca-openssl/test/openssl_test.pl 2010-08-17 16:25:27.946298000 -0700 @@ -49,7 +49,7 @@ print " * MD5 : "; print $openssl->getDigest( DATA=>$crl, ALGORITHM=>md5 ) . "\n"; print " * SHA1 : "; -print $openssl->getDigest( DATA=>$crl, ALGORITHM=>sha256 ) . "\n"; +print $openssl->getDigest( DATA=>$crl, ALGORITHM=>sha1 ) . "\n"; print $openssl->verify( SIGNATURE_FILE=>"sig", CA_CERT=>"cert.pem", VERBOSE=>"1" ); --- openca-base-1.1.0/src/common/lib/locale/de_DE/openca.po.old 2008-10-17 15:39:19.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/de_DE/openca.po 2010-08-17 16:25:32.926298495 -0700 @@ -11865,7 +11865,7 @@ msgstr "Die Datei __FILENAME__ konnte nicht zum Schreiben geöffnet werden." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/el_GR/openca.po.old 2008-10-17 15:39:20.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/el_GR/openca.po 2010-08-17 16:25:39.006298430 -0700 @@ -11666,7 +11666,7 @@ "OpenCA::CRL->new: Îεν είναι Î´Ï Î½Î±Ïή η ανάγνÏÏη ÏÎ¿Ï Î±ÏÏÎµÎ¯Î¿Ï __FILENAME__ ." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/en_GB/openca.po.old 2008-10-17 15:39:21.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/en_GB/openca.po 2010-08-17 16:25:44.126298342 -0700 @@ -11203,7 +11203,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/es_ES/openca.po.old 2008-10-17 15:39:21.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/es_ES/openca.po 2010-08-17 16:25:48.616298397 -0700 @@ -12000,7 +12000,7 @@ msgstr "No se pudo abrir el fichero __FILE__ de OpenSSL para escritura." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/fr_FR/openca.po.old 2008-10-17 15:39:22.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/fr_FR/openca.po 2010-08-17 16:25:52.846298308 -0700 @@ -11963,7 +11963,7 @@ "écrire." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/it_IT/openca.po.old 2008-10-17 15:39:23.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/it_IT/openca.po 2010-08-17 16:25:57.296298478 -0700 @@ -11744,7 +11744,7 @@ "Impossibile aprire in scrittura il file __FILE__ del Database di OpenSSL." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/ja_JP/openca.po.old 2008-10-17 15:39:24.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/ja_JP/openca.po 2010-08-17 16:26:01.826298295 -0700 @@ -11554,7 +11554,7 @@ "OpenCA::OpenSSL->SPKAC: ä¸æãã¡ã¤ã« __FILENAME__ ããªã¼ãã³ã§ãã¾ããã§ãã." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/openca-xgettext.pot.old 2008-10-17 15:39:17.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/openca-xgettext.pot 2010-08-17 16:26:06.086298018 -0700 @@ -11103,7 +11103,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/openca.pot.old 2008-10-17 15:39:18.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/openca.pot 2010-08-17 16:26:10.326298357 -0700 @@ -11103,7 +11103,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/pl_PL/openca.po.old 2008-10-17 15:39:26.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/pl_PL/openca.po 2010-08-17 16:26:14.606298463 -0700 @@ -11719,7 +11719,7 @@ "__FILENAME__ do zapisu" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/pot/modules.pot.old 2008-10-17 15:39:27.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/pot/modules.pot 2010-08-17 16:26:19.006298038 -0700 @@ -1120,7 +1120,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/pt_PT/openca.po.old 2008-10-17 15:39:27.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/pt_PT/openca.po 2010-08-17 16:26:23.506298138 -0700 @@ -11103,7 +11103,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/ru_RU/openca.po.old 2008-10-17 15:39:28.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/ru_RU/openca.po 2010-08-17 16:26:28.086298288 -0700 @@ -11665,7 +11665,7 @@ "Ñайл __FILENAME__." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/sl_SI/openca.po.old 2008-10-17 15:39:29.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/sl_SI/openca.po 2010-08-17 16:26:32.266298056 -0700 @@ -11451,7 +11451,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |
From: Tim R. <ti...@mu...> - 2010-09-05 22:22:23
|
# # install_dir-MODE.patch # # src/web-interfaces/ca/Makefile src/web-interfaces/pub/Makefile # src/web-interfaces/ra/Makefile src/web-interfaces/batch/Makefile # src/web-interfaces/scep/Makefile src/web-interfaces/ldap/Makefile # src/web-interfaces/node/Makefile # fix perms on __install_dir lines. s/MODE=644/MODE=755/ # --- openca-base-1.1.0/src/web-interfaces/ca/Makefile.old 2010-02-09 15:39:06.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/ca/Makefile 2010-06-21 18:03:45.593814002 -0700 @@ -69,7 +69,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.conf.template" ]; then \ --- openca-base-1.1.0/src/web-interfaces/pub/Makefile.old 2010-02-09 15:39:06.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/pub/Makefile 2010-06-21 18:03:51.203814002 -0700 @@ -73,7 +73,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.template" ]; then \ --- openca-base-1.1.0/src/web-interfaces/ra/Makefile.old 2010-02-09 15:39:07.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/ra/Makefile 2010-06-21 18:03:57.723814002 -0700 @@ -68,7 +68,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.template" ]; then \ --- openca-base-1.1.0/src/web-interfaces/batch/Makefile.old 2010-02-09 15:39:06.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/batch/Makefile 2010-06-21 18:04:03.933814002 -0700 @@ -69,7 +69,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.conf.template" ]; then \ --- openca-base-1.1.0/src/web-interfaces/scep/Makefile.old 2010-02-09 15:39:07.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/scep/Makefile 2010-06-21 18:04:08.687414000 -0700 @@ -50,7 +50,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.template" ]; then \ --- openca-base-1.1.0/src/web-interfaces/ldap/Makefile.old 2010-02-09 15:39:06.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/ldap/Makefile 2010-06-21 18:04:20.983814002 -0700 @@ -69,7 +69,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.conf.template" ]; then \ --- openca-base-1.1.0/src/web-interfaces/node/Makefile.old 2010-02-09 15:39:06.000000000 -0800 +++ openca-base-1.1.0/src/web-interfaces/node/Makefile 2010-06-21 18:04:27.753814002 -0700 @@ -70,7 +70,7 @@ fi $(AC_DIRS):: - $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=644 DIR=$(etc_prefix)/$@ + $(MAKE) __install_dir USER=${openca_user} GROUP=${openca_group} MODE=755 DIR=$(etc_prefix)/$@ $(CONF_FILE):: @if [ -e "$(DEST_CGI_CONFDIR)/$@.conf.template" ]; then \ -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |