Questions about certificate(Exact)Match in HEAD code.(ITS#2719)

[Mark Ruijter <openldap@siennax.com>]

I've read the current certificate match code in the HEAD
branch and
found it to be confusing.

Part of the code seems to implement binary Matching (certBinMatch?) by
calling octetStringMatch.
This would allow queries like:
ldapsearch -h localhost -b dc=com -D cn=manager,dc=com
\
    -w secret -x "userCertificate=\30\82\03\ae\30\82\03\17.............

Another part of the code still does something with serial $ issuerdn?

Question: What do we need? certBinMatch, certExactMatch or both?
IETF 55, PKIX Meeting november 20,2002 speaks about filling a new objectclass x509certificate.
This is also possible but is it what we want / need?

-----
A completely different problem with the HEAD branch is that slapadd dumps core on my test data:
 #0  0x40103224 in chunk_alloc (ar_ptr=0x401b7620, nb=16) at malloc.c:2878
#1  0x40103028 in __libc_malloc (bytes=7) at malloc.c:2811
#2  0x080c55e9 in ber_memalloc_x (s=7, ctx=0x0) at memory.c:222
#3  0x080c58e0 in ber_dupbv_x (dst=0x8243d80, src="" ctx=0x0) at memory.c:508
#4  0x080c5993 in ber_dupbv (dst=0x8243d80, src="" at memory.c:526
#5  0x08076965 in value_add (vals=0x8243d58, addvals=0xbffff670) at value.c:67
#6  0x08076583 in attr_merge (e=0x8243110, desc=0x8243c60, vals=0xbffff680, nvals=0xbffff670) at attr.c:153
#7  0x08077078 in str2entry (
    s=0x823d618 "dn:: dWlkPTAwMDA1NS4wMDk5Niwgb3U9dXNlcnMsIG89IkJyZWlqZXIgQXNzdXJhbnRpw6tuIEIu\r\rVi4gKDU1KSIsIG89YWJ6")
    at entry.c:273
#8  0x080601e1 in main (argc=4, argv=0xbffff934) at slapadd.c:62
#9  0x4009f507 in __libc_start_main (main=0x8060108 <main>, argc=4, ubp_av=0xbffff934, init=0x805be18 <_init>,
    fini=0x8190304 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffff92c) at ../sysdeps/generic/libc-start.c:129
 

Mark Ruijter.
openldap@siennax.com