Re: invalid syntax when teletexstring

[Howard Chu <hyc@symas.com>]

Erwann ABALEA wrote:
> 2011/7/29 Howard Chu<hyc@symas.com>:
> The security argument is good. For my personal use, certificateMatch
> filter is not used. But I'll need to store X.509 certificates, some
> containing T61String elements in issuerDN, and retrieve them using
> more classic search filters
> &((objectClass=inetOrgPerson)(cn=...)(sn=...)) and get the
> userCertificate;binary attribute.
> I found some messages from 2006 telling that certificateMatch were
> done using OpenSSL. Did you chose to code it differently to support
> other crypto libraries, such as GnuTLS?

Yes. Once we made the decision to support multiple TLS libraries we obviously 
needed to refactor, particularly since libraries like GnuTLS were completely 
broken in their processing of certificate names.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/