Solved ssl-admin bss_file.c

dvl@ said:
It may be time to make a change.

I see I used that tool back in 2008 and I I don't see why or when I started using ssl-admin.

I think ssl-admin is now unmaintained whereas security/easy-rsa seems active.

It might be easier to change toeasyols, hoping I can continue using the old certs - I'd be using the same CA.
Click to expand...
I wrote ssl-admin because EasyRSA was unmaintained. I have since become the maintainer of EasyRSA, and there are people actively working on it daily. This tool has fallen out of development as many OSS projects do. I'm running through this (the patch above is correct and will be committed shortly).
 
ssl-admin-1.3.0 was released tonight. The ports tree has been updated. Please test.

The update resolved my issue.

EDIT: Note that the `1.3.0` code will identify as `1.2.1` - This is a known issue and has been reported upstream.
 
VladiBG said:
Regarding your issue it may be related with the extendedKeyUsage of your CA certificate. Can you post the output of

openssl x509 -noout -purpose -in /usr/local/etc/ssl-admin/active/ca.crt
Click to expand...
See above re what I think is a fix. However:

Code: 
[2:20 mydev dan /usr/local/etc/ssl-admin/active] % openssl x509 -noout -purpose -in /usr/local/etc/ssl-admin/active/ca.crt

Certificate purposes:
SSL client : Yes
SSL client CA : Yes
SSL server : Yes
SSL server CA : Yes
Netscape SSL server : Yes
Netscape SSL server CA : Yes
S/MIME signing : Yes
S/MIME signing CA : Yes
S/MIME encryption : Yes
S/MIME encryption CA : Yes
CRL signing : Yes
CRL signing CA : Yes
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : Yes
Time Stamp signing : No
Time Stamp signing CA : Yes
 
ecrist said:
I wrote ssl-admin because EasyRSA was unmaintained. I have since become the maintainer of EasyRSA, and there are people actively working on it daily. This tool has fallen out of development as many OSS projects do. I'm running through this (the patch above is correct and will be committed shortly).
Click to expand...
Thanks for the 1.3.0 update. I've just committed 1.3.0_1 which now uses the tarball supplied in the asset, not the Github tagged tarball.

Also, thanks to diizzy@ for the patch removing the dependency on archivers/zip by patching the code to use bsdtar
 
You must log in or register to reply here.
Back
Top