[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memory leaks



Julio Sánchez Fernández wrote:
> 
> El mié, 05-12-2001 a las 10:31, Pierangelo Masarati escribió:
> 
> > I see from openssl headers that the X509_NAME basically is a
> > stack of X509_NAME_ENTRY, each of which on turn is made of a
> > ASN1_OBJECT (the attr, I suppose) and a ASN1_STRING (the value).
> 
> The value may be in any string syntax, i.e. printableString,
> teletexString, bmpString, universalString, utf8String.

In fact, one big drawback of directly accessing X509_NAME structure
is that we need to interpret all of its fields; we have to weigh it
in comparison to asking openssl routines for strings we do not want
to trust (as I got from your original posting, at least).

> 
> > If you can access the attrs and the values, all you need to do is
> >
> >       for each rdn
> >               for each ava
> >                       ava = ldapava_new(attr, value)
> >                       ldapava_append_to_rdn(rdn, ava)
> >               end
> >               ldapava_append_to_dn(dn, rdn)
> >       end
> 
> IIRC, each entry in the stack has a level identifier.  Al AVAs in the
> same RDN share the same level. A level change always marks the beginning
> of a new RDN.

AVA sorting inside a RDN is part of normalization; of course 
the LDAPDN structure we'd generate by interpreting the X509_NAME 
still needs to pass normalization before being converted into
a string representation.

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 |
mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   |
http://www.aero.polimi.it/~masarati