[Date Prev][Date Next]
Re: (ITS#5070) Issues in X.509 certificate parsing
Howard Chu wrote:
> I just got tripped trying to import an LDIF with a cert with 16 byte
> SerialNumber. I've patched this to just use the same hexadecimal format that
> OpenSSL uses when the number is larger than ber_int_t. We really don't want
> the format to change just because someone has a BigNum library available; it
> needs to stay consistent.
But we still need to fix serialNumberAndIssuerNormalize() to normalize to Hex now.
And in case somebody feeds in a very large decimal integer, we still need a
multi-word decimal-to-binary converter. As such, this bug cannot be closed yet.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/