[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5072) Possibly incorrect certificateExactAssertion()

Full_Name: Pierangelo Masarati
Version: HEAD/re24
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: ando

A certificate in certificateExactAssertion GSER form should be something like
(wrapped for readability)

    serialNumber 3,
    issuer rdnSequence:email=ca@example.com,cn=example ca,o=example,st=xx,c=us

according to RFC4523 & RFC3687, as far as I understand it.  However, OpenLDAP
HEAD uses the form

    serialNumber 3,
    issuer "email=ca@example.com,cn=example ca,o=example,st=xx,c=us"

Note the quotes around the DN and the missing "rdnSequence:" prefix.