[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: memory leaks
El mié, 05-12-2001 a las 16:53, Kurt D. Zeilenga escribió:
> I assume OpenSSL (having not looked at the code :-) provides
> the AVA as an OID and a DER encoded value, which we can
> represent in LDAPDN same as if we had read same from a
> RFC 2253 AVA 1.2.3=#DERvalue.
It is not as bad as that. Look at this fragment from an old apps/ca.c:
for (i=0; i<X509_NAME_entry_count(name); i++)
{
ne= X509_NAME_get_entry(name,i);
str=X509_NAME_ENTRY_get_data(ne);
obj=X509_NAME_ENTRY_get_object(ne);
if (msie_hack)
{
/* assume all type should be strings */
nid=OBJ_obj2nid(ne->object);
if (str->type == V_ASN1_UNIVERSALSTRING)
ASN1_UNIVERSALSTRING_to_string(str);
if ((str->type == V_ASN1_IA5STRING) &&
(nid != NID_pkcs9_emailAddress))
str->type=V_ASN1_T61STRING;
[etc.]
The return value from X509_NAME_ENTRY_get_data is an ASN1_STRING.
As can be seen, it contains a type field that contains the ASN1
type (or an interpretation thereof).
So, unless I am mistaken, the choices for directory strings are
well covered. I think this is true for integers and similar
common syntaxes.
Now, of course, the DN can contain attribute types with arbitrarily
bizarre syntaxes. This are rare, however.
> Figuring how to turn this
> into attribute=escapedUTF8value requires schema, as only
> the schema tells you how to map 1.2.3 to attribute and
> #DERvalue to a value's LDAP string syntax for proper
> 2253 escaping.
I think OpenSSL uses just the ASN1 tag to decide on the value syntax.
I know this is limited. I also think it can work well in practice.
Julio