...making Linux just a little more fun!

<-- prev | next -->





[ In reference to Migrating a Mail Server to Postfix/Cyrus/OpenLDAP in LG#124 ]

Michael Poeltl (michael.poeltl at opentech.at)
Sat Aug 19 13:46:08 PDT 2006

Followed up by: Rene

hi René,

thanks for your site! It helped a lot - one question is left ...

in your 'openssl.cnf'-sample shows up the line

crl             = $dir/ca-crl.pem

and later

nsCaRevocationUrl               = https://cert.yourdomain.net/ca-crl.pem

from where did you get/generate ca-crl.pem?

thanks a lot for your answer


[Rene] - That's good to hear.

I got it from the same source as the Certificate Authority setup. If you ever need to revoke certificates, then you can do that very analog to the certificate creation. You just have to be sure that you distribute the revocation among all potential devices or applications that verify the certificate of an encryption key. The document at sial.org has a paragraph titled "Certificate Revocation". If you use their Makefile and use the command "make revoke" you can create a revocation "certificate" and your ca-crl.pem file is created. The exact OpenSSL commands to do this can be found in the Makefile:


Basically it deals with openssl and the "-gencrl" option (as describe in the "ca" man page of OpenSSL). Fortunately I never had to revoke a certificate (yet), so that's why I left this piece out of the article.


[ In reference to Making XMMS Effect plugins in LG#129 ]

Harring Figueiredo (harringf at gmail.com)
Fri Aug 11 20:38:55 PDT 2006

Followed up by: Ben, Kumar

On the init function:

void init(void)
        if (buffer_left != NULL) {
                buffer_left = g_malloc0(sizeof(gfloat) * BUFFER_LENGTH);
        if (buffer_right != NULL) {
                buffer_right = g_malloc0(sizeof(gfloat) *

Shouldn't the tests be if(buffer_... = NULL)? Probably a typo.

[Kumar] - You are absolutely right! However, in the exampleecho.c, I have it right. Sorry for the mistake!

[Ben] - Even though it won't make much of a difference - LG is mirrored all over the world, and the mirror sites' content won't be updated - I've fixed this at the root LG site. Thanks for letting us know, Harring!

Talkback: Discuss this article with The Answer Gang

Copyright © 2006, . Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 130 of Linux Gazette, September 2006

<-- prev | next -->