ITS#6152 bits.

[openldap] / servers / slapd / schema_init.c

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 7ddcbc45d492398464b34eab0ef6cb120785d880..253cf9790ea152bcfd6dd48ebe49332602ab92fa 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -319,10 +319,11 @@ certificateListValidate( Syntax *syntax, struct berval *in )
                        tag = ber_skip_tag( ber, &len );
                }
        }
-       /* Optional Extensions */
+       /* Optional Extensions - Sequence of Sequence */
        if ( tag == SLAP_X509_OPT_CL_CRLEXTENSIONS ) { /* ? */
+               ber_len_t seqlen;
                if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
-               tag = ber_skip_tag( ber, &len );
+               tag = ber_peek_tag( ber, &seqlen );
                if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
                ber_skip_data( ber, len );
                tag = ber_skip_tag( ber, &len );
@@ -388,7 +389,7 @@ attributeCertificateValidate( Syntax *syntax, struct berval *in )
        if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
        ber_skip_data( ber, len );
 
-       ber_peek_tag( ber, &len );
+       tag = ber_peek_tag( ber, &len );
 
        if ( tag == LBER_BITSTRING ) {  /* issuerUniqueID */
                tag = ber_skip_tag( ber, &len );
@@ -6626,7 +6627,7 @@ static slap_mrule_defs_rec mrule_defs[] = {
        {"( 1.3.6.1.4.1.4203.666.11.2.3 NAME 'CSNOrderingMatch' "
                "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1 )",
                SLAP_MR_HIDE | SLAP_MR_ORDERING | SLAP_MR_ORDERED_INDEX, NULL,
-               NULL, NULL, csnOrderingMatch,
+               NULL, csnNormalize, csnOrderingMatch,
                NULL, NULL,
                "CSNMatch" },