On Thu, Mar 28, 2002 at 11:33:02AM +0100, Michael Bell wrote:
> Richard Levitte - VMS Whacker wrote:
> 
> > Lutz.Jaenicke> > jaenicke> jaenicke    26-Mar-2002 18:15:37
> > Lutz.Jaenicke> > jaenicke>
> > Lutz.Jaenicke> > jaenicke>   Modified:    .        Tag: OpenSSL_0_9_7-stable CHANGES
> > Lutz.Jaenicke> > jaenicke>                crypto/objects Tag: OpenSSL_0_9_7-stable obj_dat.h obj_mac.h
> > Lutz.Jaenicke> > jaenicke>                         objects.txt
> > Lutz.Jaenicke> > jaenicke>   Log:
> > Lutz.Jaenicke> > jaenicke>   Make short names of objects RFC2256-compliant.
> > 
> > Well, the thing that you fixed is something I define as a bug, and
> > your fix would therefore be a bugfix, which I think should be applied
> > to the 0.9.6 branch as well.
> 
> This is really dangerous because it breaks index.txt of "openssl ca". If
> somebody uses 0.9.6 to build LDIF-files for LDAP-servers then all nodes
> with a certificate in the LDAP will be duplicated. If you try to revoke
> a certificate via "openssl ca" with the "new" 0.9.6 then this fails
> because the DNs are not equal.
> 
> If you add this patch to 0.9.6 then there must be a really good warning
> in the documentation or in the release notes.

Hmm. I am not running an LDAP server and did not care about these details
until now.
Following your statement we must add an according note to the 0.9.7
release notes (the entry in the changelogs looks rather harmless until
now :-). We should also leave 0.9.6d with the old behaviour, as
the impact of the bug (yes, I also consider this to be a bug) is small
compared to the impact of the incompatibility.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
