Description of problem: openssl source contains CA.sh (and CA.pl) which are mentioned in tutorials on the net. 1. CA.sh can't be found in the rpm. I would expect it to be packaged in either /usr/bin/CA.sh or /usr/lib/openssl/CA.sh 2. CA.sh is patched and renamed and installed in /etc/pki/tls/misc/CA. A strange location for a script. But a user searching for CA.sh might find it and try to use it, but very confusingly openssl-0.9.7f-ca-dir.patch patches it to use ../../CA without setting CWD. I suggest using an absolute path instead. Version-Release number of selected component (if applicable): openssl-0.9.8b-17.fc8
Moving to rawhide.
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Problem remains in openssl-0.9.8g-6.fc9.i686
It's the same in openssl-0.9.8g-11.fc10.i686 Tried to make a patch but gave up; relative paths are used in a very confusing way and I can't figure out what the intention is. For example, /etc/pki/tls/openssl.cnf contains dir = ../../CA # Where everything is kept but apparently it doesn't refer to /etc/CA; it assumes that CWD is one level deeper so that it hits /etc/pki/CA
The CA.sh needs a rehaul I agree. Also to comply with the packaging guidelines. The current script as is together with the openssl.cnf works if you have CWD in the /etc/pki/tls/misc and run ./CA But the scripts in the misc directory must be moved to some other directory - I think that either /usr/sbin or /usr/lib/openssl would be appropriate. The scripts will have to be modified to contain absolute paths then.
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fixing version to align with rawhide again. Sorry for the noise.
As Original Poster I will add this comment: As far as I understand NSS is the crypto lib Fedora prefers. And IMHO certutil from nss-tools works better than openssl's CA stuff. So, as far as I am concerted this issue could be marked WONTFIX. I assume that is the truth anyway ;-)
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping