Re: (ITS#5021) test021-certificate fails on HP-UX
h.b.furuseth@usit.uio.no wrote:
> Bug in OpenSSL 0.9.7d - unless it's with how OpenLDAP uses it, I don't
> know.

Are you using the same version of OpenSSL on your other test machines? Have you
tried a newer version?

Makes sense that this wouldn't be a problem in HEAD since we're now using
liblber for certificate handling. I suppose we could patch RE23 to use
ber_get_int for the serial number. But at the moment this seems to be an
OpenSSL problem, in which case we can close this ITS.

> The offending operation (on Jennifer Smith) adds one certificate and
> deletes the old one. However the added and the old certificate compare
> equal because certificateExactNormalize() produces the same string for
> both:
> 0$email=ca@example.com,cn=example ca,
> o=openldap example\2C ltd.,st=california,c=us
>
> That's because i2s_ASN1_INTEGER(0, sn ) in certificateExactNormalize()
> returns serial number "0". The inputs to that function are
> (gdb) p *sn
> $6 = {length = 1, type = 2, data = 0x402e5278 "\003", flags = 0}
> and
> (gdb) p *sn
> $8 = {length = 1, type = 2, data = 0x402e5cf0 "\001xample.@\036", flags = 0}
> Those *sn values are the same as on a successful run on Linux, except
> the 2nd data[1...] (the xample... string) which I presume does not
> matter when length=1.
>
> The input certificates ('val' arg to certificateExactNormalize()) are
> correct.
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
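
Added illustration of the collision described in the quoted report (not code from OpenLDAP, OpenSSL, or either poster): the normalized value has the form `serial$issuerDN`, so two certificates from the same issuer stay distinct only if the serial bytes are converted correctly. The helper names are hypothetical; the serial bytes and issuer string are copied from the message, and serials are assumed non-negative and at most 8 bytes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OpenLDAP/OpenSSL code): DER INTEGER content bytes
 * to decimal text. Reads only `len` bytes, so trailing garbage is ignored. */
static int serial_to_dec(const unsigned char *data, size_t len,
                         char *out, size_t outsz)
{
    unsigned long long v = 0;
    size_t i;
    if (len == 0 || len > 8 || (data[0] & 0x80))
        return -1;                      /* empty, too long, or negative */
    for (i = 0; i < len; i++)
        v = (v << 8) | data[i];
    return snprintf(out, outsz, "%llu", v) < (int)outsz ? 0 : -1;
}

/* Build "serial$issuerDN", the shape of the normalized value quoted above. */
static int normalize(const unsigned char *sn, size_t snlen,
                     const char *issuer, char *out, size_t outsz)
{
    char dec[24];
    int n;
    if (serial_to_dec(sn, snlen, dec, sizeof dec) != 0)
        return -1;
    n = snprintf(out, outsz, "%s$%s", dec, issuer);
    return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
}

/* 1 if the two serials give distinct normalized values, 0 if they collide. */
static int keys_differ(const unsigned char *a, size_t alen,
                       const unsigned char *b, size_t blen, const char *issuer)
{
    char ka[256], kb[256];
    if (normalize(a, alen, issuer, ka, sizeof ka) ||
        normalize(b, blen, issuer, kb, sizeof kb))
        return -1;
    return strcmp(ka, kb) != 0;
}

int main(void)
{
    /* Leading bytes of the two gdb dumps; length is 1 in both, as reported. */
    static const unsigned char sn1[] = { 0x03 };
    static const unsigned char sn2[] = { 0x01, 'x', 'a', 'm', 'p', 'l', 'e' };
    const char *issuer = "email=ca@example.com,cn=example ca,"
                         "o=openldap example\\2C ltd.,st=california,c=us";
    printf("distinct: %d\n", keys_differ(sn1, 1, sn2, 1, issuer));
    return 0;
}
```

With correct conversion the two values begin `3$` and `1$`; a conversion that yields "0" for both makes them identical, which is the condition the report describes.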