Bug 445344 - Confusion about CA.sh
Confusion about CA.sh
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F12Target
  Show dependency treegraph
 
Reported: 2008-05-06 06:54 EDT by Mads Kiilerich
Modified: 2009-07-03 09:56 EDT (History)
1 user (show)

See Also:
Fixed In Version: openssl-0.9.8k-6.fc12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-03 09:56:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Mads Kiilerich 2008-05-06 06:54:28 EDT
Description of problem:
openssl source contains CA.sh (and CA.pl) which are mentioned in tutorials on
the net.

1. CA.sh can't be found in the rpm. I would expect it to be packaged in either
/usr/bin/CA.sh or /usr/lib/openssl/CA.sh

2. CA.sh is patched and renamed and installed in /etc/pki/tls/misc/CA. A strange
location for a script. But a user searching for CA.sh might find it and try to
use it, but very confusingly openssl-0.9.7f-ca-dir.patch patches it to use
../../CA without setting CWD. I suggest using an absolute path instead.

Version-Release number of selected component (if applicable):
openssl-0.9.8b-17.fc8
Comment 1 Tomas Mraz 2008-05-12 08:22:53 EDT
Moving to rawhide.
Comment 2 Bug Zapper 2008-05-14 06:42:47 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Mads Kiilerich 2008-05-27 18:17:45 EDT
Problem remains in openssl-0.9.8g-6.fc9.i686
Comment 4 Mads Kiilerich 2008-10-02 13:20:44 EDT
It's the same in openssl-0.9.8g-11.fc10.i686

Tried to make a patch but gave up; relative paths are used in a very confusing way and I can't figure out what the intention is.

For example, /etc/pki/tls/openssl.cnf contains
	dir = ../../CA # Where everything is kept
but apparently it doesn't refer to /etc/CA; it assumes that CWD is one level deeper so that it hits /etc/pki/CA
Comment 5 Tomas Mraz 2008-10-03 03:41:13 EDT
The CA.sh needs a rehaul I agree. Also to comply with the packaging guidelines.

The current script as is together with the openssl.cnf works if you have CWD in the /etc/pki/tls/misc and run ./CA

But the scripts in the misc directory must be moved to some other directory - I think that either /usr/sbin or /usr/lib/openssl would be appropriate. The scripts will have to be modified to contain absolute paths then.
Comment 6 Bug Zapper 2008-11-25 21:15:05 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Jon Stanley 2008-11-26 14:13:28 EST
Fixing version to align with rawhide again.  Sorry for the noise.
Comment 8 Mads Kiilerich 2009-03-06 09:15:55 EST
As Original Poster I will add this comment:

As far as I understand NSS is the crypto lib Fedora prefers. And IMHO certutil from nss-tools works better than openssl's CA stuff.

So, as far as I am concerted this issue could be marked WONTFIX. I assume that is the truth anyway ;-)
Comment 9 Bug Zapper 2009-06-09 05:34:17 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.