[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memory leaks

At 10:22 AM 2001-11-08, Julio Sanchez Fernandez wrote:
>Now that I am at it, I have to questions.
>First, do we agree that the convert callback is used to get an
>assertion value from a full value, that is, a value in the matching
>rule definition syntax from a value in attribute definition syntax?
>It was left unused and the prototype seemed right, but maybe was
>planned for something else...

I intended convert to handle cases where the assertion syntax
and the value syntax differed.  I believe you are using it
as I had intended.

>Second, we have to many routines to mangle DNs.  In this case I opted
>by asking OpenSSL to give me a value in rfc2253 format, but older
>OpenSSL versions do not support it.  And then I don't trust it to
>produce good results and I renormalize it...
>Other parts of the OpenLDAP call X509_NAME_oneline that returns the DN
>in the peculiar format of OpenSSL and then uses ldap_dcedn2dn to parse
>that string and convert it to rfc2253.  That seems fragile and, IIRC,
>the oneline format was being kept for compatibility and was considered
>broken as far as escaping goes, so parsing it may be impossible.
>Should we parse the X509_NAME ourselves and build an rfc2253 value in
>one go in a predictable, normalized, way?

Well, prefer dealing with the BER/DER or 2253 strings.  I would
think it better to have our own BER/DER -> LDAPDN (see ando's
work) -> 2253 mechanism.  We'll need it for doing component
matching anyways.