(ITS#4644) cannon import entries with certificates because certificateExactNormalize fails

[n.klasen@dpcom.de]

Full_Name: Norbert Klasen
Version: 2.3.35
OS: Solaris 10
URL: 
Submission from: (NULL) (149.239.16.244)


Hi,
I cannot import the entry attached below into any recent slapds. I think this is
due to the fact, that slapd tries to parse the certificate to support the
CertificateExcat matching rule. This certificate has an issuer with T.61 RDNs
that include Umlaut characters and are actually T.61 encoded. Not just Latin-1
tagged as T.61 as it it quite common (see
http://www.openldap.org/lists/openldap-devel/200204/msg00128.html).

Would it be possible for ldap_X509dn2bv to first try ldap_ucs_to_utf8s and if
that fails try ldap_t61s_to_utf8s in case of V_ASN1_T61STRING?

BTW: If run with LDAP_DEBUG_TRACE slapd dumps core in dnX509normalize because
out->bv_val is NULL.

Norbert

dn: ou=CA DER DEUTSCHEN POST 5:PN,o=Deutsche Post AG,c=de
objectClass: organizationalUnit
objectClass: pkiCA
ou: CA DER DEUTSCHEN POST 5:PN
cACertificate;binary:: MIICUjCCAb6gAwIBAgIDD2ptMAoGBiskAwMBAgUAMG8xCzAJBgNVBAY
 TAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9u
 IHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNBIDE6UE4wIhgPMjAwMDA0MTIwO
 DIyMDNaGA8yMDA0MDQxMjA4MjIwM1owWzELMAkGA1UEBhMCREUxGTAXBgNVBAoUEERldXRzY2hlIF
 Bvc3QgQUcxMTAMBgcCggYBCgcUEwExMCEGA1UEAxQaQ0EgREVSIERFVVRTQ0hFTiBQT1NUIDU6UE4
 wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIH3c+gig1KkY5ceR6n/AMq+xz7hi3f0PMdpwIe2
 v2w6Hu5kjipe++NvU3r6wakIY2royHl3gKWrExOisBico9aQmn8lMJnWZ7SUbB+WpRn0mAWNZM9YT
 +/U5hRCffeeuLWClzrbScaWnAeaaI0G+N/QKnSSjrV/l64jogyADWCTAgMBAAGjEjAQMA4GA1UdDw
 EB/wQEAwIBBjAKBgYrJAMDAQIFAAOBgQAaV5WClEneXk9sLO8zTQAsf4KvDaLd1BFcFeYM7kLLRHK
 eWQ0MAd0xkuAMme5NVwWNpNZP74B4HX7Q/Q0h/wo/9LTgQaxw52lLs4Ml0HUyJbSFjoQ+sqgjg2fG
 NGw7aGkVNY5dQTAy8oSviG8mxTsQ7Fxaush3cIB0qDDwXar/hg==