[Pkg-openssl-devel] Bug#428051: v3_ca extension not applied in CA.sh
Mathieu GELI
mathieu.geli at gmail.com
Fri Jun 8 12:00:43 UTC 2007
Source: openssl
Source-Version: 0.9.8e-5
Severity: important
Hi,
when building a new CA with /usr/lib/ssl/misc/CA.sh the extension
"X509v3 Basic Constraints" is set to CA:FALSE instead that should be CA:TRUE.
It is already addressed since 0.9.8b-1 according to
http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_0.9.8e-5/changelog)
but only on CA.pl...
Please consider applying :
--- /usr/lib/ssl/misc/CA.sh.old 2007-03-10 18:09:23.000000000 +0000
+++ /usr/lib/ssl/misc/CA.sh.new 2007-06-08 11:56:08.000000000 +0000
@@ -91,6 +91,7 @@
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
+ -extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
Cheers
--
Mathieu
More information about the Pkg-openssl-devel
mailing list