Re: A PKI in a web page

[jehan procaccia]

Leif Johansson a écrit :
On Tuesday 15 September 2009 15.54.33 Jehan PROCACCIA wrote:
  
Le 15/09/2009 09:37, Leif Johansson a écrit :
    
On Monday 14 September 2009 16.17.26 jehan procaccia wrote:
      
Indeed CSP is a version 0.34 since 2007,  no updates since then ... but
perhaps the project is mature and bug free, no evolution needed ? is
there still someone behind it (leifj at it.su.se is in copie ...)
        
I'm le...@sunet.se now but I'm alive. CSP is pretty mature and doesn't
see a lot of development. Reasonably bug-free but feel free to prove
me wrong :)
        Cheers Leif
      
Yes CSP is mature and works perfectly for me, it gives all the feature I
need; cli close enough to openssl if we want to dig into it ... and a
web publication, thanks again for this great tool.

However one thing goes wrong for me, which might be a mis-configuration
of me ...

Leif,

We might continue this thread off-list as the discussion goes more into
CSP than openssl ... I end this question here, but you could respond me
personnaly if needed ...

when I self sign a root CA, the basicConstraints CA:TRUE is not present

:-( altough I did sign it with --type=root which I suposed should end up

going to extension.conf file parsing the :
%ifdef TYPE_CA
basicConstraints        = critical,CA:TRUE
I wonder where and when the types.txt (type "root" is defined there !)
file is loaded in the process of self sign,
I tried to use CSPDEBUG=1 to see what happened, I did had a
/tmp/csp-21399.conf file but it finally deseappeared after the process.
if you could clarify me this point it would be perfect .

regards .
    

It does sound like a bug. I assume you got your CSP from the svn ?

        Cheers Leif
  
Not svn,  I got it from ftp://ftp.su.se/pub/users/leifj/
however, now that I used --type=ca instead of --type=root , I finally 
did got basicConstraints = critical,CA:TRUE
but indeed, I though that type=root was the correct type for a root CA, 
usage for csp init isn't clear on this :
/usr/local/bin/csp <ca name> init
[--type=<root|ca>]  -> means root = ca or root and ca should generate 
different types, regarding types.txt :
ca:CA Certificate
root:Self-Signed Root Certificate
In fact I need both ca and root , I manage to add what I wanted in 
extension.conf anyway ...
but did I mis-use/mis-configured CSP , or is this a real bug ?

Regards .

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org