Mailinglist Archive: opensuse-bugs (12990 mails)

< Previous Next >
[Bug 467437] openssl in SuSE 11.1 does create wrong PKCS12 files
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 19 Jan 2009 16:26:24 -0700 (MST)
  • Message-id: <20090119232624.AFF99CC7CD@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=467437

User fl@xxxxxxxxxx added comment
https://bugzilla.novell.com/show_bug.cgi?id=467437#c4


Friedrich Lobenstock <fl@xxxxxxxxxx> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
Info Provider|fl@xxxxxxxxxx |




--- Comment #4 from Friedrich Lobenstock <fl@xxxxxxxxxx> 2009-01-19 16:26:21
MST ---
STEPS TO REPRODUCE: (all files contained in attachment bugreport-467437.tar.gz)

# echo 01 > serial
# rm -f index.txt
# touch index.txt
# cat ca-password
s7pks.fw
s7pks.fw
# cat user-password
1w551sn8
1w551sn8
# openssl req -config ./openssl.cnf -passout file:ca-password -x509 \
-newkey rsa:2048 -days 3660 -keyout ca-private-key.pem -out
ca-certificate.pem
# openssl req -config ./openssl.cnf -passout file:user-password \
-newkey rsa:2048 -keyout user-private-key.pem -out user-request.pem
# openssl ca -config ./openssl.cnf -in user-request.pem \
-passin file:ca-password -out user-certificate.pem -notext -days 730

# #---- CREATE FAULTY PKCS12 FILE ----#

# openssl pkcs12 -export -passin file:user-password \
-passout file:user-password -inkey user-private-key.pem \
-in user-certificate.pem -name "Certificate for TEST-User" \
-certfile ca-certificate.pem -caname "Root Certificate" -out user.p12

# #---- CREATE CORRECT PKCS12 FILE ----#

# wget http://www.openssl.org/source/openssl-0.9.8j.tar.gz{,.md5}
# tar xf openssl-0.9.8j.tar.gz
# cd openssl-0.9.8j
# ./config
# make
# make test
# cd ..
# openssl-0.9.8j/apps/openssl pkcs12 -export -passin file:user-password \
-passout file:user-password -inkey user-private-key.pem \
-in user-certificate.pem -name "Certificate for TEST-User" \
-certfile ca-certificate.pem -caname "Root Certificate" -out user2.p12

# #---- TESTING ----#

Then copy both files to a Windows machine, double click on each file,
enter the password and always click "Next", "Yes" or "Finish".

With "user.p12" Windows will complain while it will import "user2.p12"
without problems.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
References