note about OpenSSL being more liberal than OpenLDAP when there is garbage past the...

author Pierangelo Masarati <ando@openldap.org>

Mon, 3 Aug 2009 14:07:49 +0000 (14:07 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Mon, 3 Aug 2009 14:07:49 +0000 (14:07 +0000)
author Pierangelo Masarati <ando@openldap.org>
Mon, 3 Aug 2009 14:07:49 +0000 (14:07 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Mon, 3 Aug 2009 14:07:49 +0000 (14:07 +0000)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c

index 253cf9790ea152bcfd6dd48ebe49332602ab92fa..95d108f6a5f294bd53777cfff0a7aa8d0742a708 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -337,6 +337,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
         ber_skip_data( ber, len );
         tag = ber_skip_tag( ber, &len );
         /* Must be at end now */
+       /* NOTE: OpenSSL tolerates CL with garbage past the end */
         if ( len || tag != LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;
         return LDAP_SUCCESS;
  }
author	Pierangelo Masarati <ando@openldap.org>
	Mon, 3 Aug 2009 14:07:49 +0000 (14:07 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Mon, 3 Aug 2009 14:07:49 +0000 (14:07 +0000)