On Thu, 14 Nov 2013 16:51:09 GMT hyc@symas.com wrote:
michael@stroeder.com wrote:
Yes, this cert is weird. And I also consider an empty subject-DN invalid. But you never know what people want to add.
That's essentially declaring "I am anonymous" - who the heck uses a cert to do that? And who would trust a self-signed cert for an anonymous CA?
As said: *I* do not consider this to be a valid cert in any case.
I'm just playing around with weird test certs I find here and there to check robustness (mainly of my own software).
If e.g. 'userCertificate' is a self-service attribute (ACL with by self write) then slapd must not crash no matter what stupid input the user provides. So, thanks for fixing it.
There are so many stupid PKI things out there: E.g. an "official" CA issued a CRL without nextUpdate, probably because they stopped issuing CRLs but did not want to disturb existing services (sigh!).
Ciao, Michael.
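
As an added illustration of the robustness point in the message above (not code from the thread and not slapd's implementation): a bounds-checked DER walk that reports whether a certificate's subject Name is empty and raises ValueError on malformed input. The function names and the unsigned sample skeleton are constructed for this example.

```python
def read_tlv(buf, pos, end):
    """Parse one DER TLV in buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > end - pos:
        raise ValueError("value overruns its container")
    return tag, pos, pos + length

def children(buf, start, end):
    """List the TLVs directly inside buf[start:end]."""
    out, pos = [], start
    while pos < end:
        out.append(read_tlv(buf, pos, end))
        pos = out[-1][2]                   # always advances by at least the 2-byte header
    return out

def subject_is_empty(der):
    """True if the certificate's subject Name is an empty SEQUENCE; ValueError if malformed."""
    tag, vs, ve = read_tlv(der, 0, len(der))
    if tag != 0x30 or ve != len(der):
        raise ValueError("not a single DER SEQUENCE")
    cert = children(der, vs, ve)
    if len(cert) != 3 or cert[0][0] != 0x30:
        raise ValueError("not a Certificate structure")
    tbs = children(der, cert[0][1], cert[0][2])
    if tbs and tbs[0][0] == 0xA0:          # optional explicit [0] version
        tbs = tbs[1:]
    if len(tbs) < 6 or tbs[4][0] != 0x30:  # serial, sigAlg, issuer, validity, subject, SPKI
        raise ValueError("TBSCertificate too short or subject is not a SEQUENCE")
    return tbs[4][1] == tbs[4][2]

def tlv(tag, body=b""):  # short-form encoder (body < 128 bytes), only for building samples
    return bytes([tag, len(body)]) + body

def sample(subject):  # constructed, unsigned certificate skeleton (not a real certificate)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30)
              + tlv(0x30) + tlv(0x30) + subject + tlv(0x30))
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))
```

Whether an empty subject is rejected or merely logged is a policy decision for the caller; the parser's job is only to fail cleanly on anything it cannot walk.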