From c406042fd6d0e0cc9dc11d0cacba186ca6a58c01 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Fri, 5 Oct 2007 11:27:20 +0000
Subject: [PATCH] ITS#5072 fix issuer format, use uppercase hex per RFC3641
---
 servers/slapd/schema_init.c | 38 ++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 41250c0190..f318a75564 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -2598,7 +2598,13 @@ serialNumberAndIssuerCheck(
 for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
 /* empty */;
 }
-
+
+ /* For backward compatibility, this part is optional */
+ if( !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:"))) {
+ x.bv_val += STRLENOF("rdnSequence:");
+ x.bv_len -= STRLENOF("rdnSequence:");
+ }
+
 if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
 x.bv_val++; x.bv_len--;
@@ -2710,7 +2716,13 @@ serialNumberAndIssuerCheck(
 for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
 /* empty */;
 }
-
+
+ /* For backward compatibility, this part is optional */
+ if( !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:"))) {
+ x.bv_val += STRLENOF("rdnSequence:");
+ x.bv_len -= STRLENOF("rdnSequence:");
+ }
+
 if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
 x.bv_val++; x.bv_len--;
@@ -2862,7 +2874,7 @@ serialNumberAndIssuerPretty(
 if( rc ) return LDAP_INVALID_SYNTAX;
 /* make room from sn + "$" */
- out->bv_len = STRLENOF("{ serialNumber , issuer \"\" }")
+ out->bv_len = STRLENOF("{ serialNumber , issuer rdnSequence:\"\" }")
 + sn.bv_len + ni.bv_len;
 out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
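Review bot: The new `rdnSequence:` test in serialNumberAndIssuerCheck (this hunk at -2598 and the identical one at -2710) never compares `x.bv_len` with the prefix length before calling strncasecmp and subtracting. The preceding loop can leave `x.bv_len` shorter than the prefix, so the compare may look at bytes beyond the parsed window, and if it matched there the `x.bv_len -=` would wrap, assuming the length field is unsigned. Guarding the condition, `if( x.bv_len >= STRLENOF("rdnSequence:") && !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:")))`, keeps both the read and the subtraction inside the value. The function body starts and ends outside the hunk, so a later length check may already reject such input; the block appearing twice would also be easier to keep correct as one small static helper.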
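Review bot: The allocation size in serialNumberAndIssuerPretty (-2862) comes from one template literal, `STRLENOF("{ serialNumber , issuer rdnSequence:\"\" }")`, while the bytes actually written come from separate literals copied piece by piece (the `", issuer rdnSequence:\""` copy is in the -2880 hunk), so the two must be edited in step by hand. The same pairing recurs in serialNumberAndIssuerNormalize (-2952 and -2974) and certificateExactNormalize (-3103), and a later edit that updates only one side would write past the heap buffer. Defining the issuer prefix once and using it in both the size sum and the copy, or checking `n == out->bv_len` after the last copy if the function does not already do so, would make a mismatch visible. The comment `/* make room from sn + "$" */` no longer describes the output either and could read `/* make room for "{ serialNumber <sn>, issuer rdnSequence:\"<dn>\" }" */`.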
@@ -2880,8 +2892,8 @@ serialNumberAndIssuerPretty(
 AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len );
 n += sn.bv_len;
- AC_MEMCPY( &out->bv_val[n], ", issuer \"", STRLENOF(", issuer \""));
- n += STRLENOF(", issuer \"");
+ AC_MEMCPY( &out->bv_val[n], ", issuer rdnSequence:\"", STRLENOF(", issuer rdnSequence:\""));
+ n += STRLENOF(", issuer rdnSequence:\"");
 AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len );
 n += ni.bv_len;
@@ -2952,7 +2964,7 @@ serialNumberAndIssuerNormalize(
 }
 /* make room for sn + "$" */
- out->bv_len = STRLENOF( "{ serialNumber , issuer \"\" }" )
+ out->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
 + ( sn2.bv_len * 2 + 3 ) + ni.bv_len;
 out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
@@ -2974,15 +2986,15 @@ serialNumberAndIssuerNormalize(
 unsigned char *v = sn2.bv_val;
 out->bv_val[n++] = '\'';
 for ( j = 0; j < sn2.bv_len; j++ ) {
- sprintf( &out->bv_val[n], "%02x", v[j] );
+ sprintf( &out->bv_val[n], "%02X", v[j] );
 n += 2;
 }
 out->bv_val[n++] = '\'';
 out->bv_val[n++] = 'H';
 }
- AC_MEMCPY( &out->bv_val[n], ", issuer \"", STRLENOF( ", issuer \"" ));
- n += STRLENOF( ", issuer \"" );
+ AC_MEMCPY( &out->bv_val[n], ", issuer rdnSequence:\"", STRLENOF( ", issuer rdnSequence:\"" ));
+ n += STRLENOF( ", issuer rdnSequence:\"" );
 AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len );
 n += ni.bv_len;
@@ -3074,7 +3086,7 @@ certificateExactNormalize( sptr = serial; *sptr++ = '\''; for ( i = 0; ibv_len = STRLENOF( "{ serialNumber , issuer \"\" }" ) + normalized->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" ) + seriallen + issuer_dn.bv_len; normalized->bv_val = ch_malloc(normalized->bv_len+1);
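Review bot: Nothing in the -2974 hunk or the commit message says what happens to values that serialNumberAndIssuerNormalize normalized before this change, although both the `%02X` switch and the added `rdnSequence:` prefix alter the string it emits. If normalized values are kept anywhere persistent, such as equality indexes, entries written earlier would presumably stop matching assertions normalized by the new code until they are regenerated. Since these rules back certificate matching, the commit message or release notes should state whether a reindex is needed, and a comment beside the sprintf such as `/* uppercase hex per RFC 3641; changes the stored normalized form */` would record the intent. The function continues outside the hunk, so this is inferred from the visible lines only.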
@@ -3103,8 +3115,8 @@ certificateExactNormalize(
 AC_MEMCPY(p, serial, seriallen);
 p += seriallen;
- AC_MEMCPY(p, ", issuer \"", STRLENOF( ", issuer \"" ));
- p += STRLENOF( ", issuer \"" );
+ AC_MEMCPY(p, ", issuer rdnSequence:\"", STRLENOF( ", issuer rdnSequence:\"" ));
+ p += STRLENOF( ", issuer rdnSequence:\"" );
 AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len);
 p += issuer_dn.bv_len;
-- 
2.39.5