Re: (ITS#4644) cannon import entries with certificates because certificateExactNormalize fails

[Kurt@OpenLDAP.org]

At 08:27 AM 8/17/2006, n.klasen@dpcom.de wrote:
>Full_Name: Norbert Klasen
>Version: 2.3.35
>OS: Solaris 10
>URL: 
>Submission from: (NULL) (149.239.16.244)
>
>
>Hi,
>I cannot import the entry attached below into any recent slapds. I think this is
>due to the fact, that slapd tries to parse the certificate to support the
>CertificateExcat matching rule. This certificate has an issuer with T.61 RDNs
>that include Umlaut characters and are actually T.61 encoded. Not just Latin-1
>tagged as T.61 as it it quite common (see
>http://www.openldap.org/lists/openldap-devel/200204/msg00128.html).
>
>Would it be possible for ldap_X509dn2bv to first try ldap_ucs_to_utf8s and if
>that fails try ldap_t61s_to_utf8s in case of V_ASN1_T61STRING?

Seems reasonable to use t61 for V_ASN1_T61STRING.  Patch welcomed...

>BTW: If run with LDAP_DEBUG_TRACE slapd dumps core in dnX509normalize because
>out->bv_val is NULL.

fixed.


>Norbert
>
>dn: ou=CA DER DEUTSCHEN POST 5:PN,o=Deutsche Post AG,c=de
>objectClass: organizationalUnit
>objectClass: pkiCA
>ou: CA DER DEUTSCHEN POST 5:PN
>cACertificate;binary:: MIICUjCCAb6gAwIBAgIDD2ptMAoGBiskAwMBAgUAMG8xCzAJBgNVBAY
> TAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9u
> IHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNBIDE6UE4wIhgPMjAwMDA0MTIwO
> DIyMDNaGA8yMDA0MDQxMjA4MjIwM1owWzELMAkGA1UEBhMCREUxGTAXBgNVBAoUEERldXRzY2hlIF
> Bvc3QgQUcxMTAMBgcCggYBCgcUEwExMCEGA1UEAxQaQ0EgREVSIERFVVRTQ0hFTiBQT1NUIDU6UE4
> wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIH3c+gig1KkY5ceR6n/AMq+xz7hi3f0PMdpwIe2
> v2w6Hu5kjipe++NvU3r6wakIY2royHl3gKWrExOisBico9aQmn8lMJnWZ7SUbB+WpRn0mAWNZM9YT
> +/U5hRCffeeuLWClzrbScaWnAeaaI0G+N/QKnSSjrV/l64jogyADWCTAgMBAAGjEjAQMA4GA1UdDw
> EB/wQEAwIBBjAKBgYrJAMDAQIFAAOBgQAaV5WClEneXk9sLO8zTQAsf4KvDaLd1BFcFeYM7kLLRHK
> eWQ0MAd0xkuAMme5NVwWNpNZP74B4HX7Q/Q0h/wo/9LTgQaxw52lLs4Ml0HUyJbSFjoQ+sqgjg2fG
> NGw7aGkVNY5dQTAy8oSviG8mxTsQ7Fxaush3cIB0qDDwXar/hg==