[Date Prev][Date Next]
Re: OpenLDAP 2.0.1, netscape and userSMIMEcertificate
At 07:15 PM 9/13/00 +0200, Karsten Künne wrote:
>The next problem
I missed this part...
>was to read back the certificate from the server with
>netscape. Netscape always asks for the attribute "userSMIMEcertificate;binary"
This is fine. It's asking for the binary transfer of
>which obviously doesn't exist because the attribute's name is
>"userSMIMEcertificate" and "binary" is just the encoding.
Don't confuse syntax with transfer means. "x;binary" means
transfer the BER encoding of the value per the syntax. For
x being INTEGER, this means to transfer as a BER encoded
INTEGER instead of a string representation of the INTEGER.
If x is a ASN.1 Certificate, then this means to transfer
the certificate using the BER encoded value instead of
the (defunct) string representation. What's a bit confusing
in this case is that x is an ASN.1 Binary syntax and hence
is value is transferred in BER encoded regardless of whether
";binary" is specified or not. (I'm not sure why inetOrgPerson
says to use ";binary" here, but it does. Hopefully no other
application is expecting to ask for some other attribute y
of binary syntax and expects "y" not "y;binary". We'll see.
Anyways, I digress.
>This time I
>would blame netscape for being wrong
Netscape, in this case, is doing what RFC 2798 says to do.
>but I had to find a solution.
>In order to make netscape happy I added a small hack to search.c
>which simply strips the ";binary" qualifier from the attribute name. This is
This isn't the right fix... this should already be handled
in result.c. I'll take a look at this. Any proper fix for
this is not likely to make 2.0.2... sorry.