Kim's fix as diff for CA.sh for when anyone wants to incorporate this
in 0.9.9 CVS HEAD
On Tue, Feb 24, 2009 at 9:46 PM, Nguyen, Kim via RT <[email protected]> wrote:
> The CA.sh script in 0.9.8j is missing the -extensions v3_ca flag. This
> doesn't seem to be a problem in CA.pl
>
>
> In comparison, CA.pl has:
>
> print "Making CA certificate ...\n";
> system ("$REQ -new -keyout " .
> "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
> system ("$CA -create_serial " .
> "-out ${CATOP}/$CACERT $CADAYS -batch " .
> "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
> "-extensions v3_ca " .
> "-infiles ${CATOP}/$CAREQ ");
> $RET=$?;
>
> While CA.sh has:
>
> echo "Making CA certificate ..."
> $REQ -new -keyout ${CATOP}/private/$CAKEY \
> -out ${CATOP}/$CAREQ
> $CA -out ${CATOP}/$CACERT $CADAYS -batch \
> -keyfile ${CATOP}/private/$CAKEY -selfsign \
> -infiles ${CATOP}/$CAREQ
> RET=$?
>
> Note "-extensions v3_ca" is missing....changing the above to:
>
> else
> echo "Making CA certificate ..."
> $REQ -new -keyout ${CATOP}/private/$CAKEY \
> -out ${CATOP}/$CAREQ
> $CA -out ${CATOP}/$CACERT $CADAYS -batch \
> -keyfile ${CATOP}/private/$CAKEY -selfsign \
> -extensions v3_ca \
> -infiles ${CATOP}/$CAREQ
> RET=$?
>
>
> Fixes the problem.
>
> Kim
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------
--- /home/ger/prj/1original/openssl/openssl/./apps/CA.sh 2005-07-04 23:44:16.000000000 +0200
+++ ./apps/CA.sh 2009-03-11 12:42:52.000000000 +0100
@@ -87,10 +87,12 @@
RET=$?
else
echo "Making CA certificate ..."
+ # patch as per 2009/02/24 - Kim Nguyen
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
+ -extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
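Review bot: The `$CA` line in this hunk still omits `-create_serial`, which the CA.pl invocation quoted in the report passes next to `-extensions v3_ca`. If the aim is parity between the two scripts, either add it here or say in the commit message that CA.sh sets up the serial file some other way, since nothing in these lines shows that. The added comment `# patch as per 2009/02/24 - Kim Nguyen` sits above `$REQ -new`, several lines away from the `-extensions v3_ca \` line it refers to, and records who and when rather than why. That attribution belongs in the commit log, and a short comment beside the new option saying that the self-signed certificate must take its extensions from the `v3_ca` section would serve the next reader better. Separately, `RET=$?` captures only the exit status of `$CA`, so a failed `$REQ` still goes unreported on its own.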