[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: invalid syntax when teletexstring

Erwann ABALEA wrote:
2011/7/29 Howard Chu<hyc@symas.com>:
The security argument is good. For my personal use, certificateMatch
filter is not used. But I'll need to store X.509 certificates, some
containing T61String elements in issuerDN, and retrieve them using
more classic search filters
&((objectClass=inetOrgPerson)(cn=...)(sn=...)) and get the
userCertificate;binary attribute.
I found some messages from 2006 telling that certificateMatch were
done using OpenSSL. Did you chose to code it differently to support
other crypto libraries, such as GnuTLS?

Yes. Once we made the decision to support multiple TLS libraries we obviously needed to refactor, particularly since libraries like GnuTLS were completely broken in their processing of certificate names.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/