I’m trying to understand some code someone wrote as a wrapper for the openssl library / tool, with a view to updating it.
I'm completely new to openssl and PKI in general. I found the following docs / references to help navigate:
http://users.dcc.uchile.cl/~pcamacho/tutorial/crypto/openssl/openssl_intro.html
http://www.madboa.com/geek/openssl/
But I wasn't able to find the answer to my question.
GOAL
What I need to accomplish is to modify some code so that duplicate certs with the same common name and email addresses CANNOT be created if the cert is still active.
I am planning on checking the index.txt to see if a cert with the same common name exists, and if it hasn't been revoked, I'll prevent the user from creating it again.
Problem:
When I create a certificate using this webtool, I see that the index.txt file in /etc/ssl/ is updated with a record starting with a "V".
When I revoke a certificate, the V is changed to R.
However, when I delete a certificate, nothing is updated in the index.txt file. The record remains the same - it's not updated with a new status, nor is it deleted from the file.
QUESTIONS
Is it a bug that the openssl index.txt file is not updated when a cert is deleted?
If it is, what is the command to update the index.txt to remove a cert?
Maybe the wrapper is where the problem is ... the developer may have just forgotten to run a command line tool to update the index.txt file? I guess I just don't know how openssl is supposed to handle a cert deletion and therefore I can't tell if I have a bug or not... and whose bug it is.
Is there a way using the openssl toolset to check for duplicate certs so that I don't have to manually check index.txt?
Thanks for the help.
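For anyone implementing the check described in the question, here is an added example (it is not part of the original post and not the wrapper's own code) that parses the CA database `openssl ca` maintains and reports whether an unrevoked, unexpired certificate with a given common name and e-mail address already exists. The layout it relies on is the documented one: one tab-separated record per issued certificate with the fields status (`V` valid, `R` revoked, `E` expired), expiry date, revocation date (empty unless revoked; may carry a `,reason` suffix), serial number, filename (normally `unknown`) and subject DN. Two related facts worth knowing: `openssl ca` itself never removes records from index.txt, it only changes their status (an expired `V` record is only flipped to `E` when `openssl ca -updatedb` is run), and with `unique_subject = yes` in the `[ ca ]` section of openssl.cnf (the default) `openssl ca` refuses to sign a second certificate with the same subject DN while a valid one is in the database. The sample records and the path are constructed for the example.

```python
"""Check an OpenSSL CA index.txt for an active certificate with a given
common name and e-mail address.

Added example; not the original poster's wrapper code. Record layout
(tab-separated, as written by `openssl ca`):

    status  expiry  revocation_date  serial  filename  subject_dn

Dates are UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ).
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed sample database (not a real CA): alice valid, bob revoked,
# carol expired in 2020 but still marked V because -updatedb was never run.
SAMPLE_INDEX = (
    "V\t330101120000Z\t\t1001\tunknown\t/C=US/O=Example/CN=alice/emailAddress=alice@example.com\n"
    "R\t330101120000Z\t230615093000Z,keyCompromise\t1002\tunknown\t/C=US/O=Example/CN=bob/emailAddress=bob@example.com\n"
    "V\t200101120000Z\t\t1003\tunknown\t/C=US/O=Example/CN=carol/emailAddress=carol@example.com\n"
)

# Fixed "current time" so the example is reproducible.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


@dataclass
class IndexEntry:
    status: str
    expiry: datetime
    revoked_at: Optional[datetime]
    serial: str
    subject: dict


def parse_asn1_time(value: str) -> datetime:
    """Parse the YYMMDDHHMMSSZ / YYYYMMDDHHMMSSZ stamps used in index.txt."""
    fmt = "%y%m%d%H%M%SZ" if len(value) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def parse_dn(dn: str) -> dict:
    """'/C=US/CN=alice' -> {'C': 'US', 'CN': 'alice'}.

    Simple split; it does not unescape a literal '/' inside a value.
    """
    parts = {}
    for rdn in dn.strip("/").split("/"):
        if "=" in rdn:
            key, val = rdn.split("=", 1)
            parts[key] = val
    return parts


def parse_index(text: str) -> list[IndexEntry]:
    """Parse the whole index.txt contents into IndexEntry records."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"malformed index.txt record: {line!r}")
        status, expiry, revoked, serial, _filename, subject = fields
        # The revocation field may be "date,reason"; keep only the date.
        revoked_date = revoked.split(",")[0] if revoked else ""
        entries.append(IndexEntry(
            status=status,
            expiry=parse_asn1_time(expiry),
            revoked_at=parse_asn1_time(revoked_date) if revoked_date else None,
            serial=serial,
            subject=parse_dn(subject),
        ))
    return entries


def is_active(entry: IndexEntry, now: datetime) -> bool:
    """Active = status V, never revoked, and not past its expiry date.

    The expiry is checked explicitly because index.txt keeps status V for
    an expired certificate until `openssl ca -updatedb` marks it E.
    """
    return entry.status == "V" and entry.revoked_at is None and entry.expiry > now


def find_active(entries: list[IndexEntry], cn: str, email: str,
                now: datetime = NOW) -> Optional[IndexEntry]:
    """Return the first active entry whose CN and emailAddress match, else None."""
    for entry in entries:
        if (entry.subject.get("CN") == cn
                and entry.subject.get("emailAddress") == email
                and is_active(entry, now)):
            return entry
    return None


def load_index(path: str = "/etc/ssl/index.txt") -> list[IndexEntry]:
    """Read a real CA database from disk (path is an assumption)."""
    with open(path, encoding="utf-8") as fh:
        return parse_index(fh.read())


if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    for cn, email in [("alice", "alice@example.com"), ("bob", "bob@example.com"),
                      ("carol", "carol@example.com")]:
        hit = find_active(db, cn, email)
        print(f"{cn}: {'duplicate of serial ' + hit.serial if hit else 'ok to issue'}")
```

Before refusing to issue, the wrapper would call `find_active(load_index(), cn, email)`; a non-`None` result is the conflicting record, including its serial, which is what you would need to revoke it with `openssl ca -revoke`. Note that the check is on CN plus emailAddress only; `unique_subject` compares the entire subject DN, so the two can disagree if the wrapper varies other DN fields.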