Hi,
Ar 31/03/11 13:55, scríobh Ernst Pijper:
> On 03/31/2011 02:53 PM, Vincenzo Ciaschini wrote:
>> Ernst Pijper wrote:
>>> Why do need 6e3b436b.0 and how can we stop tomcat from complaining
>>> about the missing .r0 file.
>> Due to the fact that OpenSSL 1.0 "helpfully" changed the algorithm used
>> to calculate the hash of a certificate, i.e. "6e3b436b" and "3de400d0"
>> in this case, and consequently the current CA distribution has two
>> copies of each certificate, one compatible with OpenSSL 0.9.x and one
>> compatible with OpenSSL 1.0.
>>
>> Apparently, fetch-crl has not been updated to take this into account.
The fetch-crl software has been updated to work with dual-hashed files (See
https://dist.eugridpma.info/distribution/util/fetch-crl3/CHANGES)
Of course, you may need to upgrade to the new version!
Kind regards,
David O'C
--
Ánra Taighde - Scoil na hEolaíochta Ríomhaireachta ⁊ na Staitisticí,
Coláiste na Tríonóide, Baile Átha Cliathi, BÁC 2
Research Fellow - School of Computer Science & Statistics,
Trinity College Dublin, Dublin 2 T: +353 1 896 1720
|