[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5070) Issues in X.509 certificate parsing

Howard Chu wrote:
> I just got tripped trying to import an LDIF with a cert with 16 byte 
> SerialNumber. I've patched this to just use the same hexadecimal format that 
> OpenSSL uses when the number is larger than ber_int_t. We really don't want 
> the format to change just because someone has a BigNum library available; it 
> needs to stay consistent.

But we still need to fix serialNumberAndIssuerNormalize() to normalize to Hex now. 
And in case somebody feeds in a very large decimal integer, we still need a 
multi-word decimal-to-binary converter. As such, this bug cannot be closed yet.
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/