Hi!
I've been workin' on theese patches for some time and since them
have not been included in the 0.9.3 I post them in order to make
them available.
The patches are 2, and add:
* openssl ca
- extensions [ exts_section ]: adds the ability to
use extensions specified in a specific section (so
to specify for example extensions for server_cert
or obj_sign_cert, etc ... ) overriding defaults;
- updatedb: update the index.txt and mark as Expired
expired certs;
- status serial: returns the status of the certificate
given the serial number (and the revokation date if
it has been revoked);
* openssl/crypto/config/config.c
- fix the variable reading: if you use the $ENV::VARIBLE
for example to set the nsServerName and you do not want
to set the $VARIABLE in your env (because it is necessary
only when used) without this patch you should set it or
you get an error (either if it is not used). This patch
fix this behaviour;
Enjoy the patches.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
Patches to OpenSSL:
===================
To correctly install OpenCA, you have to install the included patches to
OpenSSL to have supplement tools for your CA. Patches included should be
available for last revision of OpenSSL, if you want them to be included
in the original OpenSSL package, please write to Ralf Engelschall at
<[EMAIL PROTECTED]>.
Installation:
=============
First of all untar the package-version that fits your OpenSSL version:
$ tar xvfz openssl-$VER-patches.tar.gz -C $destdir
where $destdir is the directory where you unpacked the OpenSSL package.
Now go to the '$destdir/apps' and apply patch to the ca.c like this:
$ cd $destdir
$ patch -p1 ca.c ca.diff
You now should have correctly patched the ca.c application. Now go to
the '$destdir/crypto/conf' directory and apply the patch to the conf.c
program:
$ cd ../crypto/conf
$ patch -p1 conf.c conf.diff
If all goes well you should have the patched versions of the programs,
now simpli re-compile OpenSSL and re-install it:
$ cd ../..
$ make
$ make test [optional]
$ make install
To try the new patches, just use the following command:
$ openssl ca -config $config_file -status 01
You should get the status of the certificate 01 (Valid/Revoked/Expired).
If you have any trouble, please write to [EMAIL PROTECTED] (our
development mailing list).
========================================================================
Author: Massimiliano Pala http://www.openca.org
e-mail: [EMAIL PROTECTED]
$Version: 1.0
========================================================================
openssl-0.9.3-patches.tar.gz
