Hi
We have found a strange and different behavior between OpenSSL 0.9.6d 9 May 2002 and OpenSSL 0.9.7-beta2 16 Jun 2002, working on Windows 2000. We have a 2 level hierarchy of Cas, with 9 second level Cas, based on openssl, with a Lotus Domino Interface, for managing all the lifecycle of certificates. To put it clear, and simplifying, we could say we have CAroot selsigned at the top level of the tree and CAlevel2 with its certificate signed by CAroot. Today we signed using OpenSSL 0.9.7-beta2 the CRLs for CAroot and everything went fine, but when we signed the CRL for CAlevel2 we got in the CRL as the ISSUER field, the data from the CAroot Certificate. So the CRL for CAlevel2 had the issuer information of the Caroot, it is like there is a bug and the issuer information for the second level CRL comes from the top level certificate and not from the second level certificate. We re-signed the second level CA CRL with OpenSSL 0.9.6d 9 May 2002, using the same configuration file, and the issuer information on the Calevel2 CRL in the issuer field was correctly that from the CAlevel2 Certificate. Hopes this is clear. Best Regards Rodolfo Lomascolo http://certs.ipsca.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
