[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6098) wrong ASN.1 tags

Full_Name: David A. Cooper
Version: 2.4.16
OS: Linux
Submission from: (NULL) (

I am trying to add certificates to my directory that include unique identifiers
(both issuerUniqueID and subjectUniqueID), but the certificates are being
rejected as having invalid syntax (note that these certificates have been
successfully validated by many different PKI client software products).  I
believe that the problem is in the certificateValidate function of
servers/slapd/schema_init.c.  In particular, the ASN.1 tags for the unique
identifiers are defined as:

    SLAP_X509_OPT_C_ISSUERUNIQUEID  = SLAP_X509_OPTION + 1  (which is 81)
    SLAP_X509_OPT_C_SUBJECTUNIQUEID = SLAP_X509_OPTION + 2  (which is 82)


I believe the tags for the unique identifiers should be 81 and 82 rather than A1
and A2 since the unique identifiers are of type BIT STRING, and are thus are
primitive rather than constructed.

The same issue probably applies to the tags assigned to some of the fields of
GeneralName, but this does not seem to be an issue at the moment since
certificateValidate does not parse the contents of the Extensions field.