[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6466) certificateListValidate rejects valid X.509 CRLs (but not RFC-compliant)



hyc@symas.com wrote:

>> BTW, what do you mean by "needs some thought" (in the ticket notes)?
> 
> I hadn't decided yet if slapd should log a warning for this or not.

A warning, to be useful, should allow to clearly identify the broken 
piece of data.  Where the issue is identified, there's no way to find 
out the DN of the entry that contains the datum.  All you could use is 
the certificate's content (e.g. issuer DN and so); not sure how helpful 
it would be.

p.