[Date Prev][Date Next]
Re: memory leaks
At 10:22 AM 2001-11-08, Julio Sanchez Fernandez wrote:
>Now that I am at it, I have to questions.
>First, do we agree that the convert callback is used to get an
>assertion value from a full value, that is, a value in the matching
>rule definition syntax from a value in attribute definition syntax?
>It was left unused and the prototype seemed right, but maybe was
>planned for something else...
I intended convert to handle cases where the assertion syntax
and the value syntax differed. I believe you are using it
as I had intended.
>Second, we have to many routines to mangle DNs. In this case I opted
>by asking OpenSSL to give me a value in rfc2253 format, but older
>OpenSSL versions do not support it. And then I don't trust it to
>produce good results and I renormalize it...
>Other parts of the OpenLDAP call X509_NAME_oneline that returns the DN
>in the peculiar format of OpenSSL and then uses ldap_dcedn2dn to parse
>that string and convert it to rfc2253. That seems fragile and, IIRC,
>the oneline format was being kept for compatibility and was considered
>broken as far as escaping goes, so parsing it may be impossible.
>Should we parse the X509_NAME ourselves and build an rfc2253 value in
>one go in a predictable, normalized, way?
Well, prefer dealing with the BER/DER or 2253 strings. I would
think it better to have our own BER/DER -> LDAPDN (see ando's
work) -> 2253 mechanism. We'll need it for doing component