On 2015/12/10 09:04, James Boyle wrote: > Hello, > > When using tinyca2 and revoking a certificate, the certificate fails to > show up as revoked in the certificate list. The errors below show up > when tinyca2 is trying to refresh the certificate list. The problem is > easy to reproduce - either create a new CA or use an existing CA, then > click on a certificate's option to revoke.
This port isn't in great shape. It lists totally broken hash options and doesn't support SHA-2 hashes, though there are some patches in Debian BTS that could be borrowed for this (bug 759481). It tries to pass variables in to /usr/bin/openssl via the environment, libressl doesn't support this (though in the absence of other problems it could be patched to use OpenSSL from ports instead of LibreSSL).. There's also some dodgy version check that is only written to match openssl 0.9.x versions. One of these last two *may* be responsible for the revocation problem, but I think at this point (assuming you want a gui) your best option is probably to take your certs/keys and see if you can import them to xca. > Use of uninitialized value $dn in substitution (s///) at > /usr/local/lib/tinyca2/HELPERS.pm line 107. > Use of uninitialized value $dn in split at > /usr/local/lib/tinyca2/HELPERS.pm line 109. I think these are probably unrelated - most likely it just hasn't been tested with newer versions of perl. It appears to be dead upstream.
