Package: tinyca
Version: 0.7.2-1
Severity: important
Tags: patch

Hi,

some of the version checks in tinyca2 prohibit the use of various functions in conjunction with openssl 0.9.8.

Affected functions:
- revocation of certificates
- giving reasons for certificate revocation

The attached patch solves the problem by
- making the version checks stricter (i.e. "." in perl regexes matches any character. To exactly match a period you need to write "\.")
- reverting the logic for some version checks (i.e. instead of "if (version = x || version = y) { action ... }", do "if (version != z) { action ... }")

This makes tinyca more resilient against version changes in openssl, provided the new versions have the same features and bugs fixed as the first correct one. This was the case for the 0.9.7 to 0.9.8 transition.

Please apply.

Thanks for writing and packaging TinyCA2

Peter

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages tinyca depends on:
ii  libgtk2-perl            1:1.104-1  Perl interface to the 2.x series o
ii  liblocale-gettext-perl  1.05-1     Using libc functions for internati
ii  openssl                 0.9.8a-7   Secure Socket Layer (SSL) binary a

Versions of packages tinyca recommends:
ii  zip  2.31-3  Archiver for .zip files

-- no debconf information

--- lib/GUI.pm +++ lib/GUI.pm 2006-04-03 12:04:59.000000000 +0200 @@ -1369,7 +1369,8 @@ gettext("CA Password:"), \$opts->{'passwd'}, $table, 0, 0); $entry->grab_focus(); - if($self->{'OpenSSL'}->{'version'} =~ /0.9.7/) { + # OpenSSL < 0.9.7 was not able to handle revocation reasons + if($self->{'OpenSSL'}->{'version'} !~ /^0\.9\.[0-6][a-z]?$/) { $label = GUI::HELPERS::create_label( gettext("Revocation Reason:"), 'left', 0, 0); @@ -2187,8 +2188,8 @@ } } - if(($self->{'OpenSSL'}->{'version'} =~ /0.9.7/) || - ($self->{'OpenSSL'}->{'version'} =~ /0.9.8/)) { + # OpenSSL < 0.9.7 was not able to dynamically handle mailadresses in DNs + if($self->{'OpenSSL'}->{'version'} !~ /^0\.9\.[0-6][a-z]?$/) { $radiobox = Gtk2::HBox->new(0, 0); $key1 = Gtk2::RadioButton->new(undef, gettext("Yes")); $key1->set_active(1); --- lib/OpenSSL.pm +++ lib/OpenSSL.pm 2006-04-03 11:56:45.000000000 +0200 @@ -41,18 +41,16 @@ my $v = <TEST>; close(TEST); - if($v =~ /0.9.6/) { - $self->{'version'} = "0.9.6"; - } elsif ($v =~ /0.9.7/) { - $self->{'version'} = "0.9.7"; - } elsif ($v =~ /0.9.8/) { - $self->{'version'} = "0.9.8"; + # set version (format: e.g. 0.9.7 or 0.9.7a) + if($v =~ /\b(0\.9\.[678][a-z]?)\b/) { + $self->{'version'} = $1; } - if($v =~ /0.9.7f/ || $v =~ /0.9.7g/ || $v =~ /0.9.7h/) { - $self->{'broken'} = 0; - } else { + # CRL & ??? output was broken before openssl 0.9.7f + if($v =~ /\b0\.9\.[0-6][a-z]?\b/ || $v =~ /\b0\.9\.7[a-e]?\b/) { $self->{'broken'} = 1; + } else { + $self->{'broken'} = 0; } bless($self, $class); --- lib/CA.pm +++ lib/CA.pm 2006-04-03 12:11:29.000000000 +0200 @@ -177,7 +177,8 @@ } close(INDEX); - if($oldca && ($main->{'OpenSSL'}->{'version'} eq "0.9.7") && + # offer CA conversion for old CAs and openssl >= 0.9.7 + if($oldca && ($main->{'OpenSSL'}->{'version'} =~ /^0\.9\.[78][a-z]?$/) && !$opts->{'noconv'} && !$opts->{'doconv'}) { GUI::HELPERS::set_status($main, gettext(" Convert CA")); while(Gtk2->events_pending) { 
@@ -215,7 +216,7 @@ close(INDEX); close(BAK); - $t = gettext("This CA is converted for openssl 0.9.7x now."); + $t = gettext("This CA is converted for openssl 0.9.7 or higher now."); $t .= "\n"; $t .= gettext("You will find a backup copy of the index file at: "); $t .= $bak;
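
Review bot: in lib/GUI.pm, hunk @@ -1369, the negated test `!~ /^0\.9\.[0-6][a-z]?$/` on the "Revocation Reason" branch is also true when `$self->{'OpenSSL'}->{'version'}` is undefined, and lib/OpenSSL.pm assigns 'version' only inside its `if`. An openssl binary whose version string is not recognised would therefore get the revocation-reason widgets by default. Suggest adding a `defined` check here, or assigning an explicit fallback value in lib/OpenSSL.pm, so that the default for an unknown version is a deliberate choice.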
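
Review bot: in lib/GUI.pm, hunk @@ -2187, the pattern `/^0\.9\.[0-6][a-z]?$/` is repeated verbatim from hunk @@ -1369, so the next version-format change has to be made in two places again. Suggest one predicate in lib/OpenSSL.pm (computed once next to 'broken') that both call sites use. The new comment also has a typo, "mailadresses".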
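
Review bot: in lib/OpenSSL.pm, hunk @@ -41, the capture `/\b(0\.9\.[678][a-z]?)\b/` still enumerates the known minor versions, so any release outside 0.9.6 to 0.9.8, or one with a suffix longer than a single letter, leaves 'version' unset, which works against the stated goal of surviving later openssl versions. Suggest capturing the version generically and keeping the enumeration only in the tests for old releases. The comment "CRL & ??? output was broken" should also name the second item or drop the placeholder before this is applied.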
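
Review bot: in lib/CA.pm, hunk @@ -177, the conversion check uses a positive match `=~ /^0\.9\.[78][a-z]?$/`, while the comment above it says "openssl >= 0.9.7" and the other hunks invert the logic to test for the old releases. As written, a version after 0.9.8 would not be offered the CA conversion. Suggest the same negated test used in lib/GUI.pm, `!~ /^0\.9\.[0-6][a-z]?$/`, so the code matches its comment.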
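
Review bot: in lib/CA.pm, hunk @@ -215, changing the literal passed to `gettext()` changes the message id, so existing translations of "This CA is converted for openssl 0.9.7x now." will no longer be found and the string will appear untranslated until the catalogs are updated. Suggest updating the translation catalogs together with this change.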
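
The behaviour the report describes, as an added example that is not part of the original report or of TinyCA2: it runs the pre-patch and patched checks from the diff over constructed `openssl version` banner lines. The function names `old_detect` and `new_detect`, the `reasons` key, the `defined` guard and the banner strings are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed `openssl version` output lines (assumed format, not from the report).
my @banners = (
    'OpenSSL 0.9.6m 17 Mar 2004',
    'OpenSSL 0.9.7e 25 Oct 2004',
    'OpenSSL 0.9.7g 11 Apr 2005',
    'OpenSSL 0.9.8a 11 Oct 2005',
);

# Pre-patch logic from the diff: unescaped dots, enumerated versions.
sub old_detect {
    my ($v) = @_;
    my %r = (version => undef);
    if    ($v =~ /0.9.6/) { $r{version} = '0.9.6' }
    elsif ($v =~ /0.9.7/) { $r{version} = '0.9.7' }
    elsif ($v =~ /0.9.8/) { $r{version} = '0.9.8' }
    # Only 0.9.7f/g/h count as "not broken", so 0.9.8 is flagged broken.
    $r{broken}  = ($v =~ /0.9.7f/ || $v =~ /0.9.7g/ || $v =~ /0.9.7h/) ? 0 : 1;
    # Revocation reasons are offered only when the version is 0.9.7.
    $r{reasons} = (defined $r{version} && $r{version} =~ /0.9.7/) ? 1 : 0;
    return \%r;
}

# Patched logic from the diff: escaped dots, anchors, tests for the old releases.
sub new_detect {
    my ($v) = @_;
    my %r = (version => undef);
    $r{version} = $1 if $v =~ /\b(0\.9\.[678][a-z]?)\b/;
    $r{broken}  = ($v =~ /\b0\.9\.[0-6][a-z]?\b/ || $v =~ /\b0\.9\.7[a-e]?\b/) ? 1 : 0;
    # The defined() guard is added for this example; the patch has none.
    $r{reasons} = (defined $r{version} && $r{version} !~ /^0\.9\.[0-6][a-z]?$/) ? 1 : 0;
    return \%r;
}

for my $line (@banners) {
    my ($o, $n) = (old_detect($line), new_detect($line));
    printf "%-28s old: version=%-6s broken=%d reasons=%d | new: version=%-6s broken=%d reasons=%d\n",
        $line, $o->{version} // '-', $o->{broken}, $o->{reasons},
        $n->{version} // '-', $n->{broken}, $n->{reasons};
}
```

For the 0.9.8a line the pre-patch checks report the release as broken and withhold revocation reasons, while the patched checks do neither.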