Leif Johansson a écrit :
On Tuesday 15 September 2009 15.54.33 Jehan PROCACCIA wrote:
Le 15/09/2009 09:37, Leif Johansson a écrit :
On Monday 14 September 2009 16.17.26 jehan procaccia wrote:
Indeed CSP is a version 0.34 since 2007, no updates since then ... but
perhaps the project is mature and bug free, no evolution needed ? is
there still someone behind it (leifj at it.su.se is in copie ...)
I'm le...@sunet.se now but I'm alive. CSP is pretty mature and doesn't
see a lot of development. Reasonably bug-free but feel free to prove
me wrong :)
Cheers Leif
Yes CSP is mature and works perfectly for me, it gives all the feature I
need; cli close enough to openssl if we want to dig into it ... and a
web publication, thanks again for this great tool.
However one thing goes wrong for me, which might be a mis-configuration
of me ...
Leif,
We might continue this thread off-list as the discussion goes more into
CSP than openssl ... I end this question here, but you could respond me
personnaly if needed ...
when I self sign a root CA, the basicConstraints CA:TRUE is not present
:-( altough I did sign it with --type=root which I suposed should end up
going to extension.conf file parsing the :
%ifdef TYPE_CA
basicConstraints = critical,CA:TRUE
I wonder where and when the types.txt (type "root" is defined there !)
file is loaded in the process of self sign,
I tried to use CSPDEBUG=1 to see what happened, I did had a
/tmp/csp-21399.conf file but it finally deseappeared after the process.
if you could clarify me this point it would be perfect .
regards .
It does sound like a bug. I assume you got your CSP from the svn ?
Cheers Leif
Not svn, I got it from ftp://ftp.su.se/pub/users/leifj/
however, now that I used --type=ca instead of --type=root , I finally
did got basicConstraints = critical,CA:TRUE
but indeed, I though that type=root was the correct type for a root CA,
usage for csp init isn't clear on this :
/usr/local/bin/csp <ca name> init
[--type=<root|ca>] -> means root = ca or root and ca should generate
different types, regarding types.txt :
ca:CA Certificate
root:Self-Signed Root Certificate
In fact I need both ca and root , I manage to add what I wanted in
extension.conf anyway ...
but did I mis-use/mis-configured CSP , or is this a real bug ?
Regards .
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org