Re: [blfs-support] Make-ca errors

Fri, 22 Feb 2019 22:24:21 -0800 

On 2/22/2019 11:45 PM, Ken Moffat wrote:
> On Sat, Feb 23, 2019 at 04:10:51AM +0000, DJ Lucas via blfs-support
> wrote:
>> On 2/22/2019 8:14 PM, Ken Moffat via blfs-support wrote: Okay, so the
>> bit of code that extracts the text and octal data from
>> cacerts.txt are on lines 589-599. Lines 601-610 are what converts
>> them to PEM files. awk, grep, printf, and openssl are the commands
>> used. This error implies that the cert isn't extracted from the
>> certdata.txt file correctly. Do this... replace line 849 (rm -rf
>> "${TEMPDIR}") with echo ${TEMPDIR} instead and lets see what's in there. 
> Hi DJ, thanks for the response. Line _843_ in my copy of 1.2, I guess
> you are looking at your master version with a few newer commits.
> /tmp/tmp.jgLcZhknCx
>> ${TEMPDIR}/certs should contain all of the extracted mozilla format
>> files These files should begin with '#Certificate "Name"' and be
>> readable, but I suspect not.i 
> A lot of readable files (perms 644) and they all seem to start like
> that. But checking the next two items just in case.
>> If not, then make sure the downloaded $TEMPDIR/work/certdata.txt
>> looks sane, should begin with a mecurial revision number. 
> Yes, 3a4a3b9133e9 (it's from 12th of February).
>> ${TEMPDIR}/pki/anchors should contain a bunch of pem files ini style
>> layout, first line should be '[p11-kit-object-v1]'. 
> Yes, 151 of them, they all start with that.
Good so far, we are successfully through the really ugly part of the
script then.

Okay, so does $TEMPDIR/work/tempfile.crt look like a valid cert? Should
look something like below:
=============================================================================================
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: O = Root CA, OU = http://www.cacert.org, CN = CA Cert
Signing Authority, emailAddress = [email protected]
...
Trusted Uses:
  TLS Web Server Authentication, E-mail Protection, Code Signing
No Rejected Uses.
Alias: CAcert Class 1 root
SHA1 Fingerprint=13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
...
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
-----END CERTIFICATE-----
=============================================================================================

--DJ

-- 
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to