Please reply to openldap-its; the "T" stands for "Tracking", if you don't post there, tracking becomes impossible.
Hi,
But same arl work in openldap 2.2.26
In 2.2.26 certificate list was something like
int certificateListValidate() { return LDAP_SUCCESS; }
I would be surprised it failed.
I could treat with openssl command to convert to variuos format
That's another point. If openssl tools can operate on that CL, then it might not strictly comply with X509 but be somehow tolerated. We need to inspect the certificate in order to find out why it fails.
Unless its disclosure violates any confidentiality you're bound to, please upload it to ftp.openldap.org *in binary form* following these instructions http://www.openldap.org/devel/contributing.html#submitting, then post a message to the ITS with the URL of the file you uploaded.
If you're not allowed to upload the offending CL, you'll have to inspect it yourself. Run slapd under gdb; find out where the failure occurs (running with "-d stats,trace,args" should suffice); place a breakpoint at the offending call (should be either certificateListValidate() or certificateListExactNormalize()), step through the function and see where it fails. We might need to request you to print specific values of variables inside those functions.
But then whats wrong I maens what it means binary value # 0
This sentence is definitely obscure to me. Please clarify.
p.