[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: (ITS#6537) arl[authority revocation list] issue during opneldap upgrade
- To: openldap-its@OpenLDAP.org
- Subject: RE: (ITS#6537) arl[authority revocation list] issue during opneldap upgrade
- From: mmishra@isabel.eu
- Date: Tue, 27 Apr 2010 15:29:10 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Mayashankar Mishra
Consultant
E-mail : mmishra@isabel.eu
Tel : +32 (0)2 403.18.84
Fax : +32
Isabel NV/S.A.
Keizerinlaan 13-15 Boulevard de l'Imp=E9ratrice
1000 Brussels - Belgium
RPR Bruxelles / RPM Brussel: BE 0455 530 509
http://www.isabel.eu/ http://www.zoomit.eu/
Zoomit is a Registered Trademark of Isabel NV/S.A.
Disclaimer : http://www.isabel.eu/gps/en/disclaimer/mailing.php
-----Original Message-----
From: masarati@aero.polimi.it [mailto:masarati@aero.polimi.it]
Sent: 2010-04-27 17:19
To: Mayashankar Mishra
Cc: openldap-its@openldap.org
Subject: RE: (ITS#6537) arl[authority revocation list] issue during opnelda=
p upgrade
Please reply to openldap-its; the "T" stands for "Tracking", if you don't p=
ost there, tracking becomes impossible.
>
>
> Hi,
>
> But same arl work in openldap 2.2.26
In 2.2.26 certificate list was something like
int
certificateListValidate()
{
return LDAP_SUCCESS;
}
I would be surprised it failed.
> I could treat with openssl command to
> convert to variuos format
That's another point. If openssl tools can operate on that CL, then it mig=
ht not strictly comply with X509 but be somehow tolerated. We need to insp=
ect the certificate in order to find out why it fails.
Unless its disclosure violates any confidentiality you're bound to, please =
upload it to ftp.openldap.org *in binary form* following these instructions=
<http://www.openldap.org/devel/contributing.html#submitting>,
then post a message to the ITS with the URL of the file you uploaded.
If you're not allowed to upload the offending CL, you'll have to inspect it=
yourself. Run slapd under gdb; find out where the failure occurs (running=
with "-d stats,trace,args" should suffice); place a breakpoint at the offe=
nding call (should be either certificateListValidate() or certificateListEx=
actNormalize()), step through the function and see where it fails. We migh=
t need to request you to print specific values of variables inside those fu=
nctions.
> But then whats wrong I maens what it means binary value # 0
This sentence is definitely obscure to me. Please clarify.
p.