[Pkg-openssl-devel] Bug#235600: marked as done (openssl: CA.pl and -signcert: some minor issues)

Debian Bug Tracking System owner at bugs.debian.org
Thu Sep 22 13:34:00 UTC 2005 

Your message dated Thu, 22 Sep 2005 14:39:56 +0200
with message-id <4332A61C.9030008 at uni-mainz.de>
and subject line Bug#235600: openssl: CA.pl and -signcert: some minor issues
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at maintonly) by bugs.debian.org; 1 Mar 2004 12:46:36 +0000
>From az at cft.snafu.priv.at Mon Mar 01 04:46:36 2004
Return-path: <az at cft.snafu.priv.at>
Received: from cft.snafu.priv.at [203.206.206.142] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Axmoe-0008Qr-00; Mon, 01 Mar 2004 04:46:36 -0800
Received: from cft.snafu.priv.at (localhost [127.0.0.1])
	by cft.snafu.priv.at (8.12.3/8.12.3/Debian-6.6) with ESMTP id i21CkVTM007178
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Mon, 1 Mar 2004 22:46:31 +1000
Received: (from az at localhost)
	by cft.snafu.priv.at (8.12.3/8.12.3/Debian-6.6) id i21CkUMM007176;
	Mon, 1 Mar 2004 22:46:30 +1000
Message-Id: <200403011246.i21CkUMM007176 at cft.snafu.priv.at>
From: Alexander Zangerl <az at debian.org>
To: Debian Bug Tracking System <maintonly at bugs.debian.org>
Subject: openssl: CA.pl and -signcert: some minor issues
X-Mailer: reportbug 1.50
Date: Mon, 01 Mar 2004 22:46:30 +1000
Delivered-To: maintonly at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_27 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-bugs.debian.org_2004_02_27
X-Spam-Level: 

Package: openssl
Version: 0.9.6c-2.woody.4
Severity: minor
Tags: patch

There's  of minor problems with CA.pl I've run into recently.

*) -signcert is not documented in usage message.

@@ -143,7 +145,7 @@
            }
        } else {
            print STDERR "Unknown arg $_\n";
-           print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-
sign|-verify\n";

*) -signcert does not include the -days option with -x509toreq
-signcert does request key and (old) cert to be in newreq.pem; 
the most likely application of -signcert is to renew an expiring cert 
which usually won't be present as cert+key combined. 

the patch below just reads the cert and key files as args after -signcert,
but the whole CA.pl tool should be rewritten without using fixed/implied 
filenames.

@@ -123,10 +123,12 @@
            $RET=$?;
            print "Signed CA certificate is in newcert.pem\n";
        } elsif (/^-signcert$/) {
-           system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
-                                                               "-out tmp.pem");
-           system ("$CA -policy policy_anything -out newcert.pem " .
-                                                       "-infiles tmp.pem");
+           shift @ARGV;
+           my $cert=shift @ARGV;
+           my $key=shift @ARGV;
+           print "cert is $cert, key is $key\n";
+           system ("$X509 -x509toreq  $DAYS -in $cert -signkey $key -out tmp.pe
m");
+           system ("$CA -policy policy_anything  $DAYS -out newcert.pem -infile
s tmp.pem");


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux CFT 2.4.25 #1 Wed Feb 25 22:36:49 EST 2004 i686
Locale: LANG=C, LC_CTYPE=de_AT

Versions of packages openssl depends on:
ii  libc6                   2.3.2-9          GNU C Library: Shared libraries an
ii  libssl0.9.6             0.9.6c-2.woody.4 SSL shared libraries
ii  perl                    5.6.1-8.6        Larry Wall's Practical Extraction 


---------------------------------------
Received: (at 235600-done) by bugs.debian.org; 22 Sep 2005 12:41:03 +0000
>From martin at uni-mainz.de Thu Sep 22 05:41:03 2005
Return-path: <martin at uni-mainz.de>
Received: from mailgate1.verwaltung.uni-mainz.de (patty.verwaltung.uni-mainz.de) [134.93.144.165] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1EIQNq-000543-00; Thu, 22 Sep 2005 05:41:02 -0700
Received: from charlie.verwaltung.uni-mainz.de (root at charlie.verwaltung.uni-mainz.de [134.93.226.11])
	by patty.verwaltung.uni-mainz.de (8.13.4/8.13.4/Debian-3) with ESMTP id j8MCdvx7029272
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 22 Sep 2005 14:39:57 +0200
Received: from [134.93.226.8] (woodstock.verwaltung.uni-mainz.de [134.93.226.8])
	(authenticated bits=0)
	by charlie.verwaltung.uni-mainz.de (8.13.4/8.13.4/Debian-3) with ESMTP id j8MCduXB027926
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 22 Sep 2005 14:39:57 +0200
Message-ID: <4332A61C.9030008 at uni-mainz.de>
Date: Thu, 22 Sep 2005 14:39:56 +0200
From: Christoph Martin <martin at uni-mainz.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050817 Thunderbird/1.0.2 Mnenhy/0.7.2.0
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To: Alexander Zangerl <az at debian.org>, 235600-done at bugs.debian.org
Subject: Re: Bug#235600: openssl: CA.pl and -signcert: some minor issues
References: <200403011246.i21CkUMM007176 at cft.snafu.priv.at>
In-Reply-To: <200403011246.i21CkUMM007176 at cft.snafu.priv.at>
X-Enigmail-Version: 0.91.0.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigE68B7460B1F0740D0E498351"
X-Virus-Scanned-From: mailgate1.verwaltung.uni-mainz.de
X-Spam-Scanned-From: mailgate1.verwaltung.uni-mainz.de
X-Scanned-By: MIMEDefang 2.51 on 134.93.226.4
Delivered-To: 235600-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE68B7460B1F0740D0E498351
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit

The Problem was fixed some time ago in version 0.9.7g-1.

-- 
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin at Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856

--------------enigE68B7460B1F0740D0E498351
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDMqYcgeVih7XOVJcRAohvAJ9nvuj8z0mXzbvG66jT+6/n4IbrGwCfbSHb
8rvxeCmdnruyUgHoUyVNuLQ=
=uUd0
-----END PGP SIGNATURE-----

--------------enigE68B7460B1F0740D0E498351--

More information about the Pkg-openssl-devel mailing list