
RE: (ITS#6537) arl[authority revocation list] issue during openldap upgrade



Please reply to openldap-its; the "T" stands for "Tracking", if you don't
post there, tracking becomes impossible.

>
>
> Hi,
>
> But the same arl works in openldap 2.2.26

In 2.2.26 certificate list was something like

int
certificateListValidate()
{
    return LDAP_SUCCESS;
}

I would be surprised if it failed.

> I could treat with openssl command to
> convert to various format

That's another point.  If openssl tools can operate on that CL, then it
might not strictly comply with X509 but be somehow tolerated.  We need to
inspect the certificate in order to find out why it fails.

Unless its disclosure violates any confidentiality you're bound to, please
upload it to ftp.openldap.org *in binary form* following these
instructions <http://www.openldap.org/devel/contributing.html#submitting>,
then post a message to the ITS with the URL of the file you uploaded.

If you're not allowed to upload the offending CL, you'll have to inspect
it yourself.  Run slapd under gdb; find out where the failure occurs
(running with "-d stats,trace,args" should suffice); place a breakpoint at
the offending call (should be either certificateListValidate() or
certificateListExactNormalize()), step through the function and see where
it fails.  We might need to request you to print specific values of
variables inside those functions.

> But then what's wrong, I mean what it means binary value # 0

This sentence is definitely obscure to me.  Please clarify.

p.
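
Added example, not part of the original message and not slapd's code: when the CL cannot be uploaded, a strict DER walk of its outer structure (RFC 5280 CertificateList: tbsCertList, signatureAlgorithm, signatureValue) is one way to look for encodings that a tolerant parser accepts but a strict validator rejects. The names read_tlv and check_crl are hypothetical, and the sample bytes are constructed skeletons, not real CRLs.

```python
# Added example: generic DER checks only, not what certificateListValidate() does.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) at pos, enforcing DER length rules."""
    if pos + 2 > len(buf):
        raise ValueError(f"offset {pos}: truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError(f"offset {pos - 1}: indefinite length (BER, not DER)")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if len(raw) < n:
            raise ValueError(f"offset {pos}: truncated length field")
        if raw[0] == 0 or (n == 1 and raw[0] < 0x80):
            raise ValueError(f"offset {pos - 1}: non-minimal length encoding")
        length = int.from_bytes(raw, "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError(f"offset {pos}: value runs past end of data")
    return tag, pos, pos + length

def check_crl(buf):
    """Return a list of problems; an empty list means the outer shape is clean."""
    if buf.lstrip().startswith(b"-----BEGIN"):
        return ["input is PEM text, not binary DER"]
    try:
        tag, start, end = read_tlv(buf, 0)
        if tag != 0x30:
            return [f"outer tag 0x{tag:02x}, expected SEQUENCE (0x30)"]
        problems = []
        if end != len(buf):
            problems.append(f"{len(buf) - end} trailing byte(s) after CertificateList")
        pos, seen = start, []
        while pos < end:
            t, _, pos = read_tlv(buf[:end], pos)
            seen.append(t)
        # tbsCertList SEQUENCE, signatureAlgorithm SEQUENCE, signatureValue BIT STRING
        if seen != [0x30, 0x30, 0x03]:
            problems.append("children " + str([hex(t) for t in seen]) + ", expected 0x30 0x30 0x03")
        return problems
    except ValueError as exc:
        return [str(exc)]

# Constructed skeletons (empty members), not real CRLs.
GOOD = bytes.fromhex("30 09 30 00 30 00 03 03 00 01 02")
INDEFINITE = bytes.fromhex("30 80 30 00 30 00 03 03 00 01 02 00 00")
```

Call check_crl() on the raw bytes of the file (opened in binary mode); the offsets in the messages are byte offsets into that file.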