3 Aug
2007
3 Aug
'07
3:41 a.m.
Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (131.175.154.35) Submitted by: ando
A certificate in certificateExactAssertion GSER form should be something like (wrapped for readability)
{ serialNumber 3, issuer rdnSequence:email=ca@example.com,cn=example ca,o=example,st=xx,c=us }
according to RFC4523 & RFC3687, as far as I understand it. However, OpenLDAP HEAD uses the form
{ serialNumber 3, issuer "email=ca@example.com,cn=example ca,o=example,st=xx,c=us" }
Note the quotes around the DN and the missing "rdnSequence:" prefix.
p.