[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5071) ;binary issue

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5071) ;binary issue
From: kurt@OpenLDAP.org
Date: Thu, 2 Aug 2007 23:11:02 GMT

On Aug 2, 2007, at 11:01 PM, ando@sys-net.it wrote:

> Full_Name: Pierangelo Masarati
> Version: HEAD/re23
> OS: irrelevant
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (81.72.89.40)
>
>
> I've noticed an issue related to operating on certificates with/ 
> without ;binary,
> as detailed in the table below
>
> slapadd                  filter                    requested attrs
>
>              |   ;binary    |  no ;binary  |   ;binary    |   
> no ;binary
> -------------+--------------+--------------+-------------- 
> +---------------
> ;binary      |   results    |   results    |  returned    |  returned
> -------------+--------------+--------------+-------------- 
> +---------------
> no ;binary   |  no results  |   results    | not returned |  returned
>
> So it seems that if data is loaded with ;binary then search  
> operations work
> regardless of having specified ;binary in search filters or in  
> requested
> attributes, while if data is loaded without, then search operations  
> only work if
> ;binary is omitted.  RFC 4523 states that ;binary MUST be used when  
> transferring
> certificates, so perhaps slapd should be either liberal enough to  
> allow any
> combination, or strict enough to prevent those data types from  
> working without
> ;binary.

The bug is in allowing a certificate to be loaded without ;binary.

-- Kurt

Prev by Date: (ITS#5071) ;binary issue
Next by Date: Re: (ITS#5070) Issues in X.509 certificate parsing
Index(es):
- Chronological
- Thread