[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: (ITS#6537) arl[authority revocation list] issue during opneldap upgrade






Mayashankar Mishra
Consultant
E-mail : mmishra@isabel.eu
Tel :  +32 (0)2 403.18.84
Fax : +32

Isabel NV/S.A.
Keizerinlaan 13-15 Boulevard de l'Imp=E9ratrice
1000 Brussels - Belgium
RPR Bruxelles / RPM Brussel: BE 0455 530 509
http://www.isabel.eu/    http://www.zoomit.eu/

Zoomit is a Registered Trademark of Isabel NV/S.A.
Disclaimer : http://www.isabel.eu/gps/en/disclaimer/mailing.php

-----Original Message-----
From: masarati@aero.polimi.it [mailto:masarati@aero.polimi.it]
Sent: 2010-04-27 17:19
To: Mayashankar Mishra
Cc: openldap-its@openldap.org
Subject: RE: (ITS#6537) arl[authority revocation list] issue during opnelda=
p upgrade

Please reply to openldap-its; the "T" stands for "Tracking", if you don't p=
ost there, tracking becomes impossible.

>
>
> Hi,
>
> But same arl work in openldap 2.2.26

In 2.2.26 certificate list was something like

int
certificateListValidate()
{
    return LDAP_SUCCESS;
}

I would be surprised it failed.

> I could treat with openssl command to
> convert to variuos format

That's another point.  If openssl tools can operate on that CL, then it mig=
ht not strictly comply with X509 but be somehow tolerated.  We need to insp=
ect the certificate in order to find out why it fails.

Unless its disclosure violates any confidentiality you're bound to, please =
upload it to ftp.openldap.org *in binary form* following these instructions=
 <http://www.openldap.org/devel/contributing.html#submitting>,
then post a message to the ITS with the URL of the file you uploaded.

If you're not allowed to upload the offending CL, you'll have to inspect it=
 yourself.  Run slapd under gdb; find out where the failure occurs (running=
 with "-d stats,trace,args" should suffice); place a breakpoint at the offe=
nding call (should be either certificateListValidate() or certificateListEx=
actNormalize()), step through the function and see where it fails.  We migh=
t need to request you to print specific values of variables inside those fu=
nctions.

> But then whats wrong I maens what it means binary value # 0

This sentence is definitely obscure to me.  Please clarify.

p.