From: Pierangelo Masarati
Date: Wed, 25 Jul 2007 00:56:51 +0000 (+0000)
Subject: allow validation/normalization of x509 v1 (default) certs
X-Git-Tag: OPENLDAP_REL_ENG_2_4_MP~291
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6a4dd27158e62dad5a3988682f3da85420ee17bc;p=openldap
allow validation/normalization of x509 v1 (default) certs
---
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 965a1028c4..7a9b1f820e 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -112,8 +112,10 @@ static int certificateValidate( Syntax *syntax, struct berval *in )
 if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
 tag = ber_skip_tag( ber, &len ); /* Sequence */
 if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
- tag = ber_skip_tag( ber, &len );
- if ( tag == 0xa0 ) { /* Optional version */
+ tag = ber_peek_tag( ber, &len );
+ /* Optional version */
+ if ( tag == 0xa0 ) {
+ tag = ber_skip_tag( ber, &len );
 tag = ber_get_int( ber, &version );
 if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
 }
@@ -3277,9 +3279,11 @@ certificateExactNormalize(
 ber_init2( ber, val, LBER_USE_DER );
 tag = ber_skip_tag( ber, &len ); /* Signed Sequence */
 tag = ber_skip_tag( ber, &len ); /* Sequence */
- tag = ber_skip_tag( ber, &len ); /* Optional version? */
- if ( tag == 0xa0 )
+ tag = ber_peek_tag( ber, &len ); /* Optional version? */
+ if ( tag == 0xa0 ) {
+ tag = ber_skip_tag( ber, &len );
 tag = ber_get_int( ber, &i ); /* version */
+ }
 ber_get_int( ber, &i ); /* serial */
 seriallen = snprintf( serial, sizeof(serial), "%d", i );
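Review bot: With the `[0]` version field now optional in certificateValidate, `version` is written only inside the `if ( tag == 0xa0 )` branch, so for a v1 certificate it keeps whatever value its declaration gave it. The declaration is outside this hunk; if it has no initializer and `version` is read later in the function, that read is of an indeterminate value, so it should start at the v1 default, e.g. `ber_int_t version = 0; /* v1 is the DEFAULT when [0] is absent */`. The decoded value is also not range-checked in the visible lines, so an explicit version outside 0..2 passes this step; consider returning `LDAP_INVALID_SYNTAX` for it. The function body starts and ends outside the hunk.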
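Review bot: In certificateExactNormalize the tags returned by `ber_peek_tag`, `ber_skip_tag` and `ber_get_int` in the version branch are stored in `tag` but never tested, and the result of the serial read `ber_get_int( ber, &i )` is discarded, unlike the certificateValidate hunk, which returns `LDAP_INVALID_SYNTAX` on a wrong tag. If this normalizer can ever be handed a value that did not pass the validator (not visible here), a failed read leaves `i` holding the version or a stale value, and that is what `snprintf` formats into `serial`. I would add `if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;` after the version read and treat the serial the same way: `tag = ber_get_int( ber, &i );` followed by the same check. The function continues outside the hunk.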