tag 403887 patch
thanks
On 2006/12/20 13:53, Max Kellermann <[EMAIL PROTECTED]> wrote:
> -- LDAP stuff
> -- may not be correct
> [...]
> ldap-UID ::= IA5String
>
> Which is indeed not correct. ldap-UID should be a DirectoryString.
Here is a patch for this bug. I had to add IA5String to the
DirectoryString CHOICE. This is obviously incorrect, but seems to be
the only way to ensure that certificates generated by certtool can
also be parsed. Please correct me if there is a better solution.
Max
diff -urN gnutls-1.4.4.orig/lib/pkix.asn gnutls-1.4.4/lib/pkix.asn
--- gnutls-1.4.4.orig/lib/pkix.asn 2005-05-26 17:21:37.000000000 +0200
+++ gnutls-1.4.4/lib/pkix.asn 2006-12-20 15:07:32.932915000 +0100
@@ -114,7 +114,8 @@
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
- bmpString BMPString (SIZE(1..MAX)) }
+ bmpString BMPString (SIZE(1..MAX)),
+ ia5String IA5String (SIZE (1..MAX)) }
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
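Review bot: adding `ia5String` to the `DirectoryString` CHOICE loosens every attribute typed as DirectoryString, not only ldap-UID, so the decoder will now accept an IA5String wherever only the previously listed alternatives were accepted. The mail itself calls this incorrect. Consider leaving DirectoryString untouched and giving ldap-UID its own CHOICE that lists the same alternatives plus `ia5String`. Whichever form is kept, add an ASN.1 comment saying the extra alternative exists only so that certificates already generated by certtool still parse.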
@@ -1187,7 +1188,7 @@
id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
-ldap-UID ::= IA5String
+ldap-UID ::= DirectoryString
-- rfc3039
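Review bot: `ldap-UID ::= DirectoryString` keeps decoding UIDs that were encoded as IA5String only because of the `ia5String` alternative added to the CHOICE in the previous hunk, and nothing at this definition says so. Add an ASN.1 comment next to the definition stating that dependency, and update or drop the "-- may not be correct" remark quoted in the mail if this change is meant to resolve it.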
diff -urN gnutls-1.4.4.orig/lib/x509/common.c gnutls-1.4.4/lib/x509/common.c
--- gnutls-1.4.4.orig/lib/x509/common.c 2006-04-04 14:28:44.000000000 +0200
+++ gnutls-1.4.4/lib/x509/common.c 2006-12-20 15:08:03.838846500 +0100
@@ -74,7 +74,7 @@
{"2.5.4.46", "dnQualifier", 0, 1},
{"0.9.2342.19200300.100.1.25", "DC", 0, 1},
- {"0.9.2342.19200300.100.1.1", "UID", 0, 1},
+ {"0.9.2342.19200300.100.1.1", "UID", 1, 1},
/* PKCS #9
*/
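Review bot: the third field of the UID entry changes from `0` to `1` as a bare number, and the hunk shows neither the field's name nor why UID now differs from the DC entry directly above it. This table change is also only valid together with the `ldap-UID ::= DirectoryString` change in pkix.asn, so the two files must stay in sync. Add a short comment on the UID line saying what the flag selects and that it pairs with the ASN.1 definition.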
@@ -254,6 +254,7 @@
* UTF-8 (thus ASCII as well).
*/
if (strcmp (str, "printableString") != 0 &&
+ strcmp (str, "ia5String") != 0 &&
strcmp (str, "utf8String") != 0)
{
non_printable = 1;
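Review bot: the added `strcmp (str, "ia5String") != 0` test classifies any IA5String value as printable purely by its type name, but IA5 covers the whole 7-bit set including control characters, and nothing visible here checks the bytes themselves. Before the value is returned as text, verify that it contains no control characters and no bytes above 0x7f, and fall back to the `non_printable = 1` path otherwise. The comment above the condition ("UTF-8 (thus ASCII as well)") should also be updated to mention IA5String.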