Bug in OpenSSL 0.9.7d - unless it's with how OpenLDAP uses it, I don't
know.
The offending operation (on Jennifer Smith) adds one certificate and
deletes the old one. However the added and the old certificate compare
equal because certificateExactNormalize() produces the same string for
both:
0$email=ca(a)example.com,cn=example ca,
o=openldap example\2C ltd.,st=california,c=us
That's because i2s_ASN1_INTEGER(0, sn ) in certificateExactNormalize()
returns serial number "0". The inputs to that function are
(gdb) p *sn
$6 = {length = 1, type = 2, data = 0x402e5278 "\003", flags = 0}
and
(gdb) p *sn
$8 = {length = 1, type = 2, data = 0x402e5cf0 "\001xample.@\036", flags = 0}
Those *sn values are the same as on a successful run on Linux, except
the 2nd data[1...] (the xample... string) which I presume does not
matter when length=1.
The input certificates ('val' arg to certificateExactNormalize()) are
correct.
--
Regards,
Hallvard