Hello. I am not searching bugs in my code. I have a certificate and a CRL. And the functionality -issuer_checks is buggy. My cert and CRL have exactky the same DN as issuer.
2009/10/28 David Schwartz <dav...@webmaster.com>: > Daniel Marschall wrote: > >> Any idea? This problem exists since 2003 and noone found an answer - >> this is unbelievable. > > If you're waiting for somebody else to find a bug in *your* code, you're > going to be waiting a long time. > > Comparing the text strings for literal equality makes no logical sense > whatsoever and is unlikely to ever give a sensible result. > > If you want to compare two things for "equality", you need to define > precisely what you mean by equality and implement a test for that exact > definition. The method you are using will never work right. Consider if one > certificate is issued to "Jack Smith\0 Jones" (where \0 is an embedded zero > byte). How can you possibly compare that to anything sensibly with a text > string compare? > > You are expecting somebody else to magically make your senseless code work. > That's just not going to happen. You have to write sensible code. > > Go back to the drawing board. Define *precisely* what you mean by equality. > And implement a test for exactly that. > > DS > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > -- Daniel Marschall www.daniel-marschall.de +49 6223 488840 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
