Re: [openssl.org #1847] Bug in Openssl 0.9.8j CA.sh script

Kyle Hamilton Wed, 11 Mar 2009 05:03:22 -0700

-create_serial does not exist in CA.sh, either.

-Kyle H


On Tue, Feb 24, 2009 at 1:46 PM, Nguyen, Kim via RT <r...@openssl.org> wrote:
> The CA.sh script in 0.9.8j is missing the -extensions v3_ca flag. This 
> doesn't seem to be a problem in CA.pl
>
>
> In comparision, CA.pl has:
>
> print "Making CA certificate ...\n";
>                    system ("$REQ -new -keyout " .
>                        "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
>                    system ("$CA -create_serial " .
>                        "-out ${CATOP}/$CACERT $CADAYS -batch " .
>                        "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
>                        "-extensions v3_ca " .
>                        "-infiles ${CATOP}/$CAREQ ");
>                    $RET=$?;
>
> While CA,.sh has:
>
> echo "Making CA certificate ..."
>            $REQ -new -keyout ${CATOP}/private/$CAKEY \
>                           -out ${CATOP}/$CAREQ
>            $CA -out ${CATOP}/$CACERT $CADAYS -batch \
>                           -keyfile ${CATOP}/private/$CAKEY -selfsign \
>                           -infiles ${CATOP}/$CAREQ
>            RET=$?
>
> Note "-extensions v3_ca" is missing....changing the above to:
>
> else
>            echo "Making CA certificate ..."
>            $REQ -new -keyout ${CATOP}/private/$CAKEY \
>                           -out ${CATOP}/$CAREQ
>            $CA -out ${CATOP}/$CACERT $CADAYS -batch \
>                           -keyfile ${CATOP}/private/$CAKEY -selfsign \
>                           -extensions v3_ca \
>                           -infiles ${CATOP}/$CAREQ
>            RET=$?
>
>
> Fixes the problem.
>
> Kim
>
>
>
> The CA.sh script in 0.9.8j is missing the –extensions v3_ca flag. This 
> doesn’t seem to be a problem in CA.pl
>
>
>
>
>
> In comparision, CA.pl has:
>
>
>
> print "Making CA certificate ...\n";
>
>                     system ("$REQ -new -keyout " .
>
>                         "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
>
>                     system ("$CA -create_serial " .
>
>                         "-out ${CATOP}/$CACERT $CADAYS -batch " .
>
>                         "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
>
>                         "-extensions v3_ca " .
>
>                         "-infiles ${CATOP}/$CAREQ ");
>
>                     $RET=$?;
>
>
>
> While CA,.sh has:
>
>
>
> echo "Making CA certificate ..."
>
>             $REQ -new -keyout ${CATOP}/private/$CAKEY \
>
>                            -out ${CATOP}/$CAREQ
>
>             $CA -out ${CATOP}/$CACERT $CADAYS -batch \
>
>                            -keyfile ${CATOP}/private/$CAKEY -selfsign \
>
>                            -infiles ${CATOP}/$CAREQ
>
>             RET=$?
>
>
>
> Note “-extensions v3_ca” is missing….changing the above to:
>
>
>
> else
>
>             echo "Making CA certificate ..."
>
>             $REQ -new -keyout ${CATOP}/private/$CAKEY \
>
>                            -out ${CATOP}/$CAREQ
>
>             $CA -out ${CATOP}/$CACERT $CADAYS -batch \
>
>                            -keyfile ${CATOP}/private/$CAKEY -selfsign \
>
>                            -extensions v3_ca \
>
>                            -infiles ${CATOP}/$CAREQ
>
>             RET=$?
>
>
>
>
>
> Fixes the problem.
>
>
>
> Kim
>
>
>

Re: [openssl.org #1847] Bug in Openssl 0.9.8j CA.sh script

Reply via email to