[Date Prev][Date Next] [Chronological] [Thread] [Top]

Component Matching / certificateMatch

To: OpenLDAP-software@OpenLDAP.org
Subject: Component Matching / certificateMatch
From: Kai Kramer <kai.kramer@googlemail.com>
Date: Wed, 15 Feb 2006 09:49:31 +0100
Content-disposition: inline
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=kwboOUMMFmJCfensjU2S0CY/rAB5Gt0qBMxz8Zp5mhfYDCGqEN2WUaSBHm2VKTFC+FfTAQkzxWY2XA5V2XIEgr7cNyI+tkk5cHGwRb+ppBZ5mhu7LkZdcl5FpsVZIPPd1Vg/MWk0DlwSF2/Fdarh8AN3yoc4lCO8xwltN509PG8=

Hello,

is component matching already usable in a production environment? Does
anyone really use it? ITS4112 seems to be a serious problem.

What about certificate matching rules as an alternative? I managed to
use certificateExactMatch to search for serial number and issuer. But
I had no success with certificateMatch. Is it possible to search for a
certain key usage?


Regards,
Kai

Follow-Ups:
- Re: Component Matching / certificateMatch
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: assert fail after delete syncreplica info
Next by Date: Re: Strange syncrepl? problem
Index(es):
- Chronological
- Thread