[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6460) SASL EXTERNAL fails with long certificate serial numbers

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6460) SASL EXTERNAL fails with long certificate serial numbers
From: hyc@symas.com
Date: Sun, 24 Jan 2010 22:28:39 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

masarati@aero.polimi.it wrote:
>> * masarati@aero.polimi.it [2010-01-24 16:01:23 +0100]:
>>> Funny enough, the same thing is dealt with correctly in certificate
>>> validation/normalization in slapd/schema_init.c
>>
>> That was a result of ITS#5070 (which you filed).
> 
> right :)
> 
>> Maybe there is an
>> opportunity for refactoring, but I wouldn't be a good judge of that.
> 
> I don't quite bother about refactoring to minimize code duplication. 
> Rather, I think the libldap function x509_cert_get_dn() should first
> validate the certificate, much like slapd's certificateValidate() does.

Since the cert was obtained thru a TLS handshake, we assume it has already
been validated by the TLS library. Further validation is not needed.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#6461) back-sql quote characters in query
Next by Date: Re: (ITS#6460) SASL EXTERNAL fails with long certificate serial numbers
Index(es):
- Chronological
- Thread