Bug 445344 – Confusion about CA.sh

Bug 445344 - Confusion about CA.sh

Summary:	Confusion about CA.sh

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	openssl (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	F12Target
	Show dependency tree / graph

Reported:	2008-05-06 06:54 EDT by Mads Kiilerich
Modified:	2009-07-03 09:56 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:	openssl-0.9.8k-6.fc12
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2009-07-03 09:56:50 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Mads Kiilerich 2008-05-06 06:54:28 EDT

Description of problem:
openssl source contains CA.sh (and CA.pl) which are mentioned in tutorials on
the net.

1. CA.sh can't be found in the rpm. I would expect it to be packaged in either
/usr/bin/CA.sh or /usr/lib/openssl/CA.sh

2. CA.sh is patched and renamed and installed in /etc/pki/tls/misc/CA. A strange
location for a script. But a user searching for CA.sh might find it and try to
use it, but very confusingly openssl-0.9.7f-ca-dir.patch patches it to use
../../CA without setting CWD. I suggest using an absolute path instead.

Version-Release number of selected component (if applicable):
openssl-0.9.8b-17.fc8

Comment 1 Tomas Mraz 2008-05-12 08:22:53 EDT

Moving to rawhide.

Comment 2 Bug Zapper 2008-05-14 06:42:47 EDT

Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Mads Kiilerich 2008-05-27 18:17:45 EDT

Problem remains in openssl-0.9.8g-6.fc9.i686

Comment 4 Mads Kiilerich 2008-10-02 13:20:44 EDT

It's the same in openssl-0.9.8g-11.fc10.i686

Tried to make a patch but gave up; relative paths are used in a very confusing way and I can't figure out what the intention is.

For example, /etc/pki/tls/openssl.cnf contains
	dir = ../../CA # Where everything is kept
but apparently it doesn't refer to /etc/CA; it assumes that CWD is one level deeper so that it hits /etc/pki/CA

Comment 5 Tomas Mraz 2008-10-03 03:41:13 EDT

The CA.sh needs a rehaul I agree. Also to comply with the packaging guidelines.

The current script as is together with the openssl.cnf works if you have CWD in the /etc/pki/tls/misc and run ./CA

But the scripts in the misc directory must be moved to some other directory - I think that either /usr/sbin or /usr/lib/openssl would be appropriate. The scripts will have to be modified to contain absolute paths then.

Comment 6 Bug Zapper 2008-11-25 21:15:05 EST

This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 7 Jon Stanley 2008-11-26 14:13:28 EST

Fixing version to align with rawhide again.  Sorry for the noise.

Comment 8 Mads Kiilerich 2009-03-06 09:15:55 EST

As Original Poster I will add this comment:

As far as I understand NSS is the crypto lib Fedora prefers. And IMHO certutil from nss-tools works better than openssl's CA stuff.

So, as far as I am concerted this issue could be marked WONTFIX. I assume that is the truth anyway ;-)

Comment 9 Bug Zapper 2009-06-09 05:34:17 EDT

This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.