Comment 1 Bjarke Istrup Pedersen (RETIRED) 2007-01-05 12:36:05 UTC

Created attachment 105559 [details, diff]
Patch that fixes the bug

This patch fixes the bug in openssl.cnf

Comment 2 Jakub Moc (RETIRED) 2007-01-05 14:12:43 UTC

Kindly review http://bugs.gentoo.org/page.cgi?id=fields.html#bug_severity

Comment 3 Bjarke Istrup Pedersen (RETIRED) 2007-01-06 08:42:39 UTC

Okay, I have done that, shouldn't it be Major?
Major : major loss of function.

I would call not being able to run a CA with openssl a major loss of function ;-)
Anyway, the patch is straght forward, and works fine :-)

Comment 4 Bjarke Istrup Pedersen (RETIRED) 2007-01-18 10:52:17 UTC

Hmm, this makes it create every cert as a CA :(
Any ideas on how to get the CA generated as a CA, but the rest generated as normal certificates?

Comment 5 SpanKY 2007-01-22 05:03:51 UTC

i wouldnt really call it straight forward unless you're completely familiar with openssl/x509 ... i know i'm not

looking at the file, the default setup is for user based installs ... if you need to do something above and beyond that, modify the configuration file to suite your requirements (like any other config file in /etc)

if you disagree, please contact the openssl users list:
http://www.openssl.org/support/

Comment 6 Bjarke Istrup Pedersen (RETIRED) 2007-02-14 15:08:31 UTC

I agree, but then the CA.pl / CA.sh scripts should be fixed, since they have a -newca option, that is broken :-)

Comment 7 SpanKY 2007-02-20 14:59:50 UTC

*** Bug 167727 has been marked as a duplicate of this bug. ***

Just for the record, CA.pl works but CA.sh doesn't work... Can't we just remove CA.sh from the ebuild?

Comment 9 SpanKY 2007-02-20 19:59:50 UTC

none of the files are handled specially by the ebuild ... we install everything like the upstream openssl package intends

if a script is broken, then the openssl guys should know about it