masarati@aero.polimi.it wrote:
- masarati@aero.polimi.it [2010-01-24 16:01:23 +0100]:
Funny enough, the same thing is dealt with correctly in certificate validation/normalization in slapd/schema_init.c.
That was a result of ITS#5070 (which you filed).
right :)
Maybe there is an opportunity for refactoring, but I wouldn't be a good judge of that.
I don't quite bother about refactoring to minimize code duplication. Rather, I think the libldap function x509_cert_get_dn() should first validate the certificate, much like slapd's certificateValidate() does.
Since the cert was obtained through a TLS handshake, we assume it has already been validated by the TLS library. Further validation is not needed.