[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] X.509, RFC4523, RFC3641, big Ints
- To: Ldapext <ldapext@ietf.org>
- Subject: [ldapext] X.509, RFC4523, RFC3641, big Ints
- From: Howard Chu <hyc@highlandsun.com>
- Date: Mon, 24 Sep 2007 19:12:45 -0700
- User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a8pre) Gecko/2007091708 SeaMonkey/2.0a1pre
Something that we've recently encountered while testing our Certificate
validation rules is certificates whose serial numbers are integers whose
values are larger than 4 octets. I'm wondering how other folks deal with these
things. Integers that occur within the LDAP protocol are generally constrained
to maxInt, 2^31 - 1, but no such constraint applies anywhere else. Do you use
a multi-precision math library to generate the decimal representation of these
integers?
For now we've copied the OpenSSL library's behavior, which is to use decimal
for up to 31 bit numbers, and just output the hexadecimal octets for anything
larger. But this clearly doesn't conform to the GSER definition of INTEGER.
As an aside, I really wish we were using hex for the canonical Integer
representation; then any system could manipulate integers of any size
independently of any native word size...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext