Package: openssl
Version: 1.0.0e-2
Severity: normal

When I try to build a CA, if I use:

  openssl x509 -req -extensions v3_ca -sha256 -days 7300 -in toto.csr -signkey toto.key -out toto.crt

openssl will not use the section v3_ca, and will happily output a wrongly generated cert. And worst of all, it does not say anything about the unused section.

The right command was:

  openssl x509 -req -extfile /etc/ssl/openssl.cnf -extensions v3_ca -sha256 -days 7300 -in toto.csr -signkey toto.key -out toto.crt

In the x509 manpage, in the -extfile section, it is specified that -extfile is mandatory. However, I think that it should also be stated in the -extensions section. And more than that, it should print a warning "not using extension XXX, extfile not here".

Thanks

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable'), (550, 'stable'), (449, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
ii  libc6        2.13-21           Embedded GNU C Library: Shared lib
ii  libssl1.0.0  1.0.0e-2          SSL shared libraries
ii  zlib1g       1:1.2.3.4.dfsg-3  compression library - runtime

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20090814+nmu2  Common CA certificates

-- Configuration Files:
/etc/ssl/openssl.cnf changed [not included]

-- no debconf information
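
Because the tool gives no signal when the extension section is skipped, the result can be checked after signing. The following is an added example, not part of the original report or of OpenSSL: a shell wrapper around the report's corrected command that inspects the output and refuses to keep a certificate lacking CA:TRUE. The function names cert_is_ca and sign_ca_checked are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a certificate signed with `openssl x509 -req`
# really carries the CA extension that -extensions was meant to add.

# cert_is_ca FILE
# Succeeds only if FILE is a certificate whose basicConstraints say CA:TRUE.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# sign_ca_checked CSR KEY OUT EXTFILE [SECTION]
# Self-signs CSR with the options from the report's corrected command, then
# checks the output. Returns 0 if OUT is a CA certificate, 1 if the section
# did not yield CA:TRUE (OUT is removed), 2 if signing itself failed.
sign_ca_checked() {
    csr=$1 key=$2 out=$3 extfile=$4 section=${5:-v3_ca}

    # -extensions only names a section; without a readable -extfile there
    # is nothing for it to refer to, so stop here instead of signing.
    if [ ! -r "$extfile" ]; then
        echo "sign_ca_checked: extfile '$extfile' is not readable" >&2
        return 2
    fi

    openssl x509 -req -extfile "$extfile" -extensions "$section" \
        -sha256 -days 7300 -in "$csr" -signkey "$key" -out "$out" \
        2>/dev/null || return 2

    if ! cert_is_ca "$out"; then
        echo "sign_ca_checked: '$section' gave no CA:TRUE, removing $out" >&2
        rm -f "$out"
        return 1
    fi
}
```

Running cert_is_ca on a certificate that was signed earlier shows whether it was produced without the extension section.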