From 6a4dd27158e62dad5a3988682f3da85420ee17bc Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Wed, 25 Jul 2007 00:56:51 +0000
Subject: [PATCH] allow validation/normalization of x509 v1 (default) certs

---
 servers/slapd/schema_init.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 965a1028c4..7a9b1f820e 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -112,8 +112,10 @@ static int certificateValidate( Syntax *syntax, struct berval *in )
 if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
 tag = ber_skip_tag( ber, &len ); /* Sequence */
 if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
- tag = ber_skip_tag( ber, &len );
- if ( tag == 0xa0 ) { /* Optional version */
+ tag = ber_peek_tag( ber, &len );
+ /* Optional version */
+ if ( tag == 0xa0 ) {
+ tag = ber_skip_tag( ber, &len );
 tag = ber_get_int( ber, &version );
 if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
 }
@@ -3277,9 +3279,11 @@ certificateExactNormalize(
 ber_init2( ber, val, LBER_USE_DER );
 tag = ber_skip_tag( ber, &len ); /* Signed Sequence */
 tag = ber_skip_tag( ber, &len ); /* Sequence */
- tag = ber_skip_tag( ber, &len ); /* Optional version? */
- if ( tag == 0xa0 )
+ tag = ber_peek_tag( ber, &len ); /* Optional version? */
+ if ( tag == 0xa0 ) {
+ tag = ber_skip_tag( ber, &len );
 tag = ber_get_int( ber, &i ); /* version */
+ }
 ber_get_int( ber, &i ); /* serial */
 seriallen = snprintf( serial, sizeof(serial), "%d", i );
 
-- 
2.39.5
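Review bot: With the `[0]` version tag now genuinely optional in certificateValidate, the path where `tag != 0xa0` leaves `version` at whatever value its declaration gives it, and that declaration is outside the hunk. If it is not initialised there, any later use of `version` in the part of the function not shown would read an indeterminate value for every v1 certificate; initialising it to the DER default would close that, e.g. `ber_int_t version = 0; /* v1: the default when [0] is absent */`. The value decoded inside the branch is only type-checked here, so a range check on it would also be worth adding right after the `LBER_INTEGER` test.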
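Review bot: In certificateExactNormalize the results of both `ber_get_int` calls go unchecked, unlike the matching lines in certificateValidate: the version read assigns `tag` but never tests it, and the serial read discards the return value entirely. If the serial INTEGER fails to decode (for instance because it is malformed or does not fit the integer type), `i` may still hold the version number or an unset value, and `snprintf` then writes that into the normalized serial, so distinct certificates could normalize to the same serial string. Suggest `if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;` after the version read, and `tag = ber_get_int( ber, &i ); /* serial */` followed by the same test. The function starts and ends outside the hunk, so whether an earlier validation step already rules this input out cannot be seen here.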