[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7746) adding weird cert crashes slapd

On Thu, 14 Nov 2013 16:51:09 GMT hyc@symas.com wrote

> michael@stroeder.com wrote:
> > Yes, this cert is weird. And I also consider empty subject-DN as invalid.
> > But you never know what people want to add.
> That's essentially declaring "I am anonymous" - who the heck uses a cert to
> do  that? And who would trust a self-signed cert for an anonymous CA?

As said: *I* do not consider this to be a valid cert in any case.

I'm just playing around with weird test certs I find here and there to check
robustness (mainly of my own software).

If e.g. 'userCertificate' is a self-service attribute (ACL with by self write)
then slapd must not crash no matter what stupid input the user provides. So,
thanks for fixing it.

There are so many stupid PKI things out there:
E.g. a "official" CA issued a CRL without nextUpdate probably because they
stopped issuing CRLs but did not want to disturb existing services (sigh!).

Ciao, Michael.