tag 403887 patch
thanks

On 2006/12/20 13:53, Max Kellermann <[EMAIL PROTECTED]> wrote:
>  -- LDAP stuff
>  -- may not be correct
>  [...]
>  ldap-UID ::= IA5String
> 
> Which is indeed not correct.  ldap-UID should be a DirectoryString.

Here is a patch for this bug.  I had to add IA5String to the
DirectoryString CHOICE.  This is obviously incorrect, but seems to be
the only way to ensure that certificates generated by certtool can
also be parsed.  Please correct me if there is a better solution.

Max

diff -urN gnutls-1.4.4.orig/lib/pkix.asn gnutls-1.4.4/lib/pkix.asn
--- gnutls-1.4.4.orig/lib/pkix.asn	2005-05-26 17:21:37.000000000 +0200
+++ gnutls-1.4.4/lib/pkix.asn	2006-12-20 15:07:32.932915000 +0100
@@ -114,7 +114,8 @@
       printableString           PrintableString (SIZE (1..MAX)),
       universalString           UniversalString (SIZE (1..MAX)),
       utf8String              UTF8String (SIZE (1..MAX)),
-      bmpString               BMPString (SIZE(1..MAX))   }
+      bmpString               BMPString (SIZE(1..MAX)),
+      ia5String             IA5String (SIZE (1..MAX))   }
 
 id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
 
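Review bot: the new ia5String alternative in the DirectoryString CHOICE widens the type for every attribute declared as DirectoryString, not only UID, so at the ASN.1 level any such attribute encoded as IA5String now decodes. The standard DirectoryString has only the five alternatives that were already listed. If the goal is just to keep reading UID values that were issued as IA5String, a separate CHOICE referenced only by ldap-UID would confine the deviation to that one attribute. Whichever way it goes, the added line should carry an ASN.1 comment marking it as a compatibility extension.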
@@ -1187,7 +1188,7 @@
 
 id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
 
-ldap-UID ::= IA5String
+ldap-UID ::= DirectoryString
 
 -- rfc3039
 
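Review bot: "ldap-UID ::= DirectoryString" carries no comment explaining that certificates already issued with an IA5String UID only remain parseable because of the extra alternative added to DirectoryString in the first hunk. A short comment here stating that dependency, and naming the specification the DirectoryString type is taken from, would keep a later cleanup of the CHOICE from silently breaking the parsing of those certificates.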
diff -urN gnutls-1.4.4.orig/lib/x509/common.c gnutls-1.4.4/lib/x509/common.c
--- gnutls-1.4.4.orig/lib/x509/common.c	2006-04-04 14:28:44.000000000 +0200
+++ gnutls-1.4.4/lib/x509/common.c	2006-12-20 15:08:03.838846500 +0100
@@ -74,7 +74,7 @@
   {"2.5.4.46", "dnQualifier", 0, 1},
 
   {"0.9.2342.19200300.100.1.25", "DC", 0, 1},
-  {"0.9.2342.19200300.100.1.1", "UID", 0, 1},
+  {"0.9.2342.19200300.100.1.1", "UID", 1, 1},
 
   /* PKCS #9
    */
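Review bot: the third field of the UID entry changes from 0 to 1 with nothing in the hunk saying what that field means, while the DC entry directly above keeps 0. Presumably it marks the value as a CHOICE type to match the pkix.asn change; a brief comment on the line, or in the commit message, stating that UID is now handled as DirectoryString would make the asymmetry with DC clearly intentional.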
@@ -254,6 +254,7 @@
        * UTF-8 (thus ASCII as well).
        */
       if (strcmp (str, "printableString") != 0 &&
+	  strcmp (str, "ia5String") != 0 &&
 	  strcmp (str, "utf8String") != 0)
 	{
 	  non_printable = 1;
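Review bot: the added strcmp (str, "ia5String") test puts IA5String values on the path that the comment above describes as UTF-8 (thus ASCII as well), but nothing visible in this hunk checks that the bytes really are 7-bit. A malformed certificate could carry bytes with the high bit set in an IA5String, and they would be handed on as if they were valid text. Consider verifying that every byte is below 0x80 before taking the printable path, and update the comment to mention ia5String alongside the other accepted alternatives.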
