[EMAIL PROTECTED] - Tue Mar 16 07:07:45 2004]: > Stephen Henson via RT wrote: > > >One would be the perl front end CA.pl > > > Patch attached >
Thanks. > >Another would be if non-standard scripts initialize the serial number > >file either for 'ca' or the 'x509' utility. > > > > > My original patch fixed the -CAcreateserial switch. Not much we can > do > about scripts not shipped with OpenSSL, but most folk seem to be using > the standard apps. > I've seen a couple of "cookbooks" which suggest creating the serial number file manually. At least one of them suggests placing zero in there which creates a duplicate on the very first certificate issued. We could I suppose test for the serial number file being a small number and issue a warning. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
