[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: User certs checking

To: "'tsg'" <tsg@bugalux.com>, <openldap-software@OpenLDAP.org>
Subject: RE: User certs checking
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 5 Mar 2003 13:11:49 -0800
Importance: Normal
In-reply-to: <200303051719.44191.tsg@bugalux.com>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of tsg

> hi all!
> 1. As I understood, openldap (v 2.1.12) when verifying user
> certificate,
> checks only CA, signed sertificate, but not the certificate
> itself and not
> the user dn in it. Is it true? How can make openldap check the user
> certificate and user DN?

The user certificate is checked. The DN in the certificate is extracted and
its syntax is checked. An invalid DN is rejected. Ordinarily, you cannot
create a cert with an invalid DN, so it's very rare for the DN to get
rejected.

> 2. Does openldap works with CRLs?

OpenLDAP does nothing special for revocation lists. Whether or not OpenSSL
does anything with them automatically, I don't recall.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- User certs checking
  - From: tsg <tsg@bugalux.com>

Prev by Date: Help me, please!!!
Next by Date: RE: Authenticate & Login OS X with passwd
Index(es):
- Chronological
- Thread