[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ITS#8286 round 2

To: Quanah Gibson-Mount <quanah@symas.com>, openldap-devel@openldap.org
Subject: Re: ITS#8286 round 2
From: Howard Chu <hyc@symas.com>
Date: Tue, 18 Dec 2018 18:18:06 +0000
In-reply-to: <0d072477-1e5c-c194-a095-395f6e7366b6@symas.com>
References: <842973A21685DB44126F1E3F@[192.168.1.39]> <efa1a37e-cebc-bf80-3c18-d10648a05e29@symas.com> <261BFA770E5CEBCB25A3A8A0@[192.168.1.39]> <0d072477-1e5c-c194-a095-395f6e7366b6@symas.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53

Howard Chu wrote:
> Quanah Gibson-Mount wrote:
>> --On Tuesday, December 18, 2018 5:53 PM +0000 Howard Chu <hyc@symas.com> wrote:
>>
>>>>
>>>> ---------------- servers/slapd/bconfig.c -----------------------
>>>
>>>> olcTLSCertificateKey -- ??? (Private SYNTAX OID)  Shouldn't the SYNTAX
>>>> be 1.3.6.1.4.1.1466.115.121.1.8? And use certificateExactMatch?
>>>
>>> No, a key is not a certificate. Keys are stored in PKCS#8 encoding.
>>
>> So what's the matching rule for it? ;)
> 
> I suppose it'll have to be octetStringMatch.

The syntax needs to be changed, it should be 1.2.840.113549.1.8. I don't see
any benefit to using anything other than octetStringMatch though.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- ITS#8286 round 2
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: ITS#8286 round 2
  - From: Howard Chu <hyc@symas.com>
- Re: ITS#8286 round 2
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: ITS#8286 round 2
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: ITS#8286 round 2
Index(es):
- Chronological
- Thread