[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5072) Possibly incorrect certificateExactAssertion()

To: openldap-its@OpenLDAP.org
Subject: (ITS#5072) Possibly incorrect certificateExactAssertion()
From: ando@sys-net.it
Date: Fri, 3 Aug 2007 10:41:09 GMT

Full_Name: Pierangelo Masarati
Version: HEAD/re24
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.175.154.35)
Submitted by: ando


A certificate in certificateExactAssertion GSER form should be something like
(wrapped for readability)

{
    serialNumber 3,
    issuer rdnSequence:email=ca@example.com,cn=example ca,o=example,st=xx,c=us
}

according to RFC4523 & RFC3687, as far as I understand it.  However, OpenLDAP
HEAD uses the form

{
    serialNumber 3,
    issuer "email=ca@example.com,cn=example ca,o=example,st=xx,c=us"
}

Note the quotes around the DN and the missing "rdnSequence:" prefix.

p.

Prev by Date: Re: (ITS#5069) SyncRepl on request
Next by Date: (ITS#5073) Syncrepl spinlock
Index(es):
- Chronological
- Thread