[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: certificate list parsing issues

To: Michael Ströder <michael@stroeder.com>
Subject: Re: certificate list parsing issues
From: Howard Chu <hyc@symas.com>
Date: Tue, 04 Aug 2009 01:18:27 -0700
Cc: openldap-devel@openldap.org, masarati@aero.polimi.it
In-reply-to: <4A77EB9C.2000701@stroeder.com>
References: <47916.93.149.38.250.1249292426.squirrel@www.aero.polimi.it> <4A77EB9C.2000701@stroeder.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090630 SeaMonkey/2.0a1pre Firefox/3.0.3

Michael Ströder wrote:

masarati@aero.polimi.it wrote:

I recently hit a pretty long certificate list with what appears to be crap
past the end of its valid portion.  I have no indication about how this
was generated, but it is supposed to be in production within a CA,
initially using a release of OpenLDAP without detailed CL validation in
place (remember this was released in 2.4).  I'm not posting this to the
ITS because it's data I'm not allowed to disclose.


How about using this one as a test (33 MB):

http://onsitecrl.certplus.com/DIRECTIONGENERALEDESIMPOTSDIRECTIONGENERALEDESIMPOTSUSAGER/LatestCRL

IIRC I once tried to add this one in OpenLDAP 2.4.x but it did not work.


Works fine with HEAD, once you set sockbuf_max large enough for a 33MB request...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: certificate list parsing issues
  - From: Michael Ströder <michael@stroeder.com>

References:
- certificate list parsing issues
  - From: masarati@aero.polimi.it
- Re: certificate list parsing issues
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: certificate list parsing issues
Next by Date: Re: certificate list parsing issues
Index(es):
- Chronological
- Thread