
(ITS#6098) wrong ASN.1 tags



Full_Name: David A. Cooper
Version: 2.4.16
OS: Linux
URL: 
Submission from: (NULL) (129.6.54.72)


I am trying to add certificates to my directory that include unique identifiers
(both issuerUniqueID and subjectUniqueID), but the certificates are being
rejected as having invalid syntax (note that these certificates have been
successfully validated by many different PKI client software products).  I
believe that the problem is in the certificateValidate function of
servers/slapd/schema_init.c.  In particular, the ASN.1 tags for the unique
identifiers are defined as:

    SLAP_X509_OPT_C_ISSUERUNIQUEID  = SLAP_X509_OPTION + 1  (which is 81)
    SLAP_X509_OPT_C_SUBJECTUNIQUEID = SLAP_X509_OPTION + 2  (which is 82)

where "SLAP_X509_OPTION = (LBER_CLASS_CONTEXT|LBER_CONSTRUCTED)" (which is A0)

I believe the tags for the unique identifiers should be 81 and 82 rather than A1
and A2 since the unique identifiers are of type BIT STRING, and are thus
primitive rather than constructed.

The same issue probably applies to the tags assigned to some of the fields of
GeneralName, but this does not seem to be an issue at the moment since
certificateValidate does not parse the contents of the Extensions field.
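
The tag arithmetic discussed in the report, as an added example that is not part of the original post and is not OpenLDAP's code: a simplified TLV walker over a constructed byte string accepts the unique identifier fields when it expects primitive context tags (0x81/0x82) and rejects the same bytes when it expects constructed ones (0xA1/0xA2). The names `ctx_tag`, `count_unique_ids` and `sample_tail` are hypothetical, and only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>

/* X.690 identifier octet: bits 8-7 class, bit 6 constructed, bits 5-1 number. */
#define CLASS_CONTEXT 0x80u
#define CONSTRUCTED   0x20u

/* Constructed sample: optional tail of a TBSCertificate (not a real cert). */
static const unsigned char sample_tail[] = {
    0x81, 0x03, 0x00, 0xAA, 0xBB,   /* issuerUniqueID  [1] IMPLICIT BIT STRING */
    0x82, 0x03, 0x00, 0xCC, 0xDD,   /* subjectUniqueID [2] IMPLICIT BIT STRING */
    0xA3, 0x02, 0x30, 0x00          /* extensions      [3] EXPLICIT wrapper    */
};

/* Build a context-specific tag for number n, primitive or constructed. */
static unsigned char ctx_tag(unsigned n, int constructed)
{
    return (unsigned char)(CLASS_CONTEXT | (constructed ? CONSTRUCTED : 0u) | n);
}

/* Walk short-form TLVs. Returns how many unique identifier fields matched,
 * or -1 on an unexpected tag or bad length (the "invalid syntax" outcome). */
static int count_unique_ids(const unsigned char *p, size_t len,
                            unsigned char issuer_tag, unsigned char subject_tag)
{
    size_t i = 0;
    int found = 0;
    const unsigned char ext_tag = ctx_tag(3, 1);  /* EXPLICIT => constructed */
    while (i < len) {
        if (len - i < 2 || (p[i + 1] & 0x80u))    /* truncated or long-form */
            return -1;
        size_t vlen = p[i + 1];
        if (vlen > len - i - 2)                   /* value runs past buffer */
            return -1;
        if (p[i] == issuer_tag || p[i] == subject_tag)
            found++;
        else if (p[i] != ext_tag)
            return -1;
        i += 2 + vlen;
    }
    return found;
}

int main(void)
{
    printf("expecting 81/82: %d\n", count_unique_ids(sample_tail, sizeof sample_tail, ctx_tag(1, 0), ctx_tag(2, 0)));
    printf("expecting A1/A2: %d\n", count_unique_ids(sample_tail, sizeof sample_tail, ctx_tag(1, 1), ctx_tag(2, 1)));
    return 0;
}
```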