
multiple certificate problem



Dear All,

Unfortunately it is not clear (for me) from RFCs and drafts whether
certificateExactMatch is valid at all, especially for multiple
certificates. In core.schema I have a line like:

attributetype ( 2.5.4.36 NAME 'userCertificate'
        EQUALITY certificateExactMatch
        DESC 'RFC2256: X.509 user certificate, use ;binary'
        SYNTAX 1... )

and I am trying to add multiple certificates for a user. Testing 2.1.22
I have results like:

-on RedHat (7.2) it is happy to accept multiple certificates *even the
same many times* so I can insert cert1 five times and the user will have
five certs - all the same. Of course I can insert different certs as
well, but slapd dumps core when I am trying to delete one of the certs
already in the database (note I re-compiled the latest stable BDB from
source for RH).

-on Debian (woody) I am not able to insert multiple certs at all, not
even different ones: slapd dies (with core again) after trying to give
the second one. Deleting the cert also leads to early death of slapd.

Apparently the problem is at openldap-2.1.22/servers/slapd/schema_init.c
: line 3816 , static int certificateExactMatch( ... ) It is freeing some
memory that was not allocated and dies at the very end of the function at
the ber_memfree() lines. It seems RH and Debian behave differently due to
their different libc-s.

So, is it worth fixing it, I mean do people add multiple certs to
users regularly, will it likely be in the RFC with certificateExactMatch
as shown above?

Cheers:
Szilva
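
An added example, not part of the original post and not OpenLDAP code: a sketch of an exact-match comparison whose cleanup path cannot free unallocated memory, used to reject a duplicate attribute value. It assumes the match key is serial number plus issuer, reduces DN normalization to lower-casing, and all names (cert_key, normalize_dn, exact_match, add_value) and sample values are constructed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a parsed certificate: only the exact-match key. */
struct cert_key { long serial; const char *issuer; };

/* Return a lower-cased heap copy of dn, or NULL on empty input / no memory.
 * Simplification: real DN normalization is more involved than this. */
static char *normalize_dn(const char *dn) {
    if (dn == NULL || *dn == '\0') return NULL;
    size_t n = strlen(dn);
    char *out = malloc(n + 1);
    if (out == NULL) return NULL;
    for (size_t i = 0; i <= n; i++)          /* i == n copies the terminator */
        out[i] = (char)tolower((unsigned char)dn[i]);
    return out;
}

/* 0 = equal, 1 = different, -1 = error. Both temporaries start as NULL, so
 * the single cleanup path is safe even if the second normalization fails.
 * Leaving ib uninitialized here would hand free() a garbage pointer, and
 * whether that crashes depends on the allocator in use. */
int exact_match(const struct cert_key *a, const struct cert_key *b) {
    char *ia = NULL, *ib = NULL;
    int rc = -1;
    if ((ia = normalize_dn(a->issuer)) == NULL) goto done;
    if ((ib = normalize_dn(b->issuer)) == NULL) goto done;
    rc = (a->serial == b->serial && strcmp(ia, ib) == 0) ? 0 : 1;
done:
    free(ia);                                /* free(NULL) is a no-op */
    free(ib);
    return rc;
}

/* Attribute values form a set: refuse a value that matches an existing one.
 * Returns 0 if stored, 1 if duplicate, -1 on match error or full array. */
int add_value(struct cert_key *vals, size_t *count, size_t cap,
              struct cert_key v) {
    for (size_t i = 0; i < *count; i++) {
        int rc = exact_match(&vals[i], &v);
        if (rc <= 0) return rc == 0 ? 1 : -1;
    }
    if (*count == cap) return -1;
    vals[(*count)++] = v;
    return 0;
}
```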