On Mon, Oct 13, 2003, Frédéric Giudicelli wrote:

> Hello,
>
> The following problem is well known, it's about commas in url for
> extensions' value.
>
> Here is what a normal LDAP syntax should be:
> ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
>
> But since the openssl conf parser interprets the commas as a value
> separator, the ldap syntax becomes:
> ldap://host/uid=ca/ou=CAs/dc=host/dc=org?certificateRevocationList
>
> However many clients do not understand this syntax (IE for example, sorry
> :) ).
>
> After checking the code the problem comes from this function
> "X509V3_parse_list" in "crypto/x509v3/v3_utl.c".
> I propose to enable commas in extensions syntax by doubling them, so that
> the syntax becomes something like this:
> ldap://host/uid=ca,,ou=CAs,,dc=host,,dc=org?certificateRevocationList
>
> This doesn't change the current interpretation since the second comma would
> generate an empty value.
>
> This patch has been generated from openssl 0.9.7b.
>

This is unnecessary. Commas are only interpreted as value separators in the
single line extension format. If you use the multiline format as documented
in openssl.cnf commas have no special meaning and can readily be included.

For example:

[EMAIL PROTECTED]

[altsect]

URI=ldap://foo=x,bar=y

should be OK. Check the docs for the exact syntax.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email addresses, PGP and S/MIME: see homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
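
Added example, not part of the original thread and not OpenSSL's code: a simplified Python model of the splitting rule discussed above (in the single-line format a comma ends an entry and the first colon separates name from value), applied to the LDAP URL from the first message in both formats. The section names `ext_single`, `ext_multi` and `crl_section` and all helper functions are assumptions made for this example.

```python
import re

# Constructed sample config; the section names are made up for this example.
SAMPLE_CNF = """\
[ ext_single ]
crlDistributionPoints = URI:ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
[ ext_multi ]
crlDistributionPoints = @crl_section
[ crl_section ]
URI.1 = ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
"""

def parse_conf(text):
    """Minimal openssl.cnf reader: {section: [(key, value), ...]}."""
    conf, section = {"default": []}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            section = header.group(1)
            conf.setdefault(section, [])
        elif "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is the separator
            conf[section].append((key.strip(), value.strip()))
    return conf

def split_single_line(value):
    """Single-line form: ',' ends an entry, the first ':' splits name from value."""
    entries = []
    for item in value.split(","):
        name, sep, val = item.strip().partition(":")
        entries.append((name, val if sep else None))
    return entries

def extension_entries(conf, value):
    """Entries an extension value expands to, in either format."""
    if value.startswith("@"):
        # Multi-line form: one entry per section line, commas left untouched.
        return [(key.split(".", 1)[0], val) for key, val in conf[value[1:]]]
    return split_single_line(value)

def lint(conf, section):
    """(extension, fragment) pairs where a comma split left a bare fragment."""
    return [(ext, name) for ext, value in conf[section]
            for name, val in extension_entries(conf, value)
            if val is None and name != "critical"]  # 'critical' is a valid bare flag
```

Running `lint` over each extension section of a CA configuration flags the values that need to move to the multi-line format.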
