[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] X.509, RFC4523, RFC3641, big Ints
There's the LargeInteger syntax which AD, eDirectory 8.8 SP2 and I think
OpenLDAP support.
-- Luke
Howard Chu wrote:
Something that we've recently encountered while testing our
Certificate validation rules is certificates whose serial numbers are
integers whose values are larger than 4 octets. I'm wondering how
other folks deal with these things. Integers that occur within the
LDAP protocol are generally constrained to maxInt, 2^31 - 1, but no
such constraint applies anywhere else. Do you use a multi-precision
math library to generate the decimal representation of these integers?
For now we've copied the OpenSSL library's behavior, which is to use
decimal for up to 31 bit numbers, and just output the hexadecimal
octets for anything larger. But this clearly doesn't conform to the
GSER definition of INTEGER.
As an aside, I really wish we were using hex for the canonical Integer
representation; then any system could manipulate integers of any size
independently of any native word size...
--
www.padl.com | www.lukehoward.com
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext