[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CertificateExactMatch for the ldap HEAD branch (ITS#2719/ITS#2771).

Kurt D. Zeilenga wrote:


Why did you introduce dnX509normalize2()?
Shouldn't dnX509normalize() handle this need?



Yes you're right. It should.
And initially I tried to use it. But this routine is leaking memory somewhere...
The nasty thing about it is that the leak makes it impossible to free the certificate structure in certificateExactConvert.
X509_free(xcert); equals coredump.

The real work isn't done in dnX509normalize but in ldap/libraries/libldap/ldap_X509dn2bv which seems hard to debug,
and because of the lenght of the routine dnX509normalize2 should be much easier to maintain.

However if you can find the leak and fix it then dnX509normalize2 is no longer needed.
I'm not sure if dnX509normalize is used in any other routine..... If it isn't I would prefer to drop it.

-------------------------------------------- ___ _ __ _ _
/ __/| ` |\ \/ / Mark Ruijter
\__ \| | | ) ( mark.ruijter@siennax.com
|___/|__|_|/_/\_\ 06 - 53713459