hyc@symas.com wrote:
Howard Chu wrote:
I just got tripped trying to import an LDIF with a cert with 16 byte SerialNumber. I've patched this to just use the same hexadecimal format that OpenSSL uses when the number is larger than ber_int_t. We really don't want the format to change just because someone has a BigNum library available; it needs to stay consistent.
But we still need to fix serialNumberAndIssuerNormalize() to normalize to Hex now. And in case somebody feeds in a very large decimal integer, we still need a multi-word decimal-to-binary converter. As such, this bug cannot be closed yet.
OK. Does it make any sense to just move to a hex-only syntax, prefixed by "0x", with no sign as you mentioned earlier, or should we preserve compatibility with the original form, where the minus sign is allowed while a number not starting with "0x" should be treated as decimal? The latter would probably be better, but we'd need to convert decimal to hex, and this could fail if decimals are too large.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
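
The multi-word decimal-to-hex conversion discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP's code. The names `serial_normalize`, `mul_add` and `SERIAL_MAX_BYTES`, the 64-byte cap and the exact output layout are assumptions of this sketch; it accepts either "0x"-prefixed hex or an optionally signed decimal and fails cleanly when the number is too large.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX_BYTES 64   /* assumed cap for this sketch, not an OpenLDAP limit */

/* mag = mag * base + d over a big-endian byte array; -1 if it no longer fits. */
static int mul_add(unsigned char *mag, size_t len, unsigned base, unsigned d)
{
    unsigned carry = d;
    for (size_t i = len; i-- > 0; ) {
        unsigned v = mag[i] * base + carry;
        mag[i] = (unsigned char)(v & 0xffu);
        carry = v >> 8;
    }
    return carry ? -1 : 0;
}

/* Accepts "0x" + hex digits, or an optional '-' followed by decimal digits.
 * Writes [-]0x + lowercase hex, whole bytes, leading zero bytes dropped
 * (output layout is an assumption). Returns 0, or -1 on bad input/overflow. */
int serial_normalize(const char *in, char *out, size_t outlen)
{
    unsigned char mag[SERIAL_MAX_BYTES];
    unsigned base = 10;
    int neg = 0;
    size_t i = 0, n;

    memset(mag, 0, sizeof mag);
    if (in[0] == '0' && (in[1] == 'x' || in[1] == 'X')) { base = 16; in += 2; }
    else if (in[0] == '-') { neg = 1; in++; }
    if (*in == '\0') return -1;                       /* no digits at all */

    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        unsigned d;
        if (isdigit(c)) d = c - '0';
        else if (base == 16 && isxdigit(c)) d = (unsigned)tolower(c) - 'a' + 10;
        else return -1;                               /* not a digit in this base */
        if (mul_add(mag, sizeof mag, base, d) != 0) return -1;  /* too large */
    }
    while (i < sizeof mag - 1 && mag[i] == 0) i++;    /* keep at least one byte */
    if (mag[i] == 0) neg = 0;                         /* "-0" is just zero */
    if (outlen < (size_t)neg + 2 + 2 * (sizeof mag - i) + 1) return -1;
    n = (size_t)snprintf(out, outlen, "%s0x", neg ? "-" : "");
    for (; i < sizeof mag; i++)
        n += (size_t)snprintf(out + n, outlen - n, "%02x", mag[i]);
    return 0;
}
```

Because decimal and hex input go through the same byte array, the two spellings of one serial number compare equal after normalization.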