Hi, On Wed, Aug 05, 2009 at 02:10:56PM +0200, Martin Bartosch wrote: > > I first started trying to sign in with certificate challenge/ > > response which led me to the following problem in the debug log: > > > > For some reason the Certificate subject sent by the browser looked > > like that: > > UID=root/CN=Root DemoCA,... > > > > and was compared to the following certificate subject in the database: > > CN=Root DemoCA+UID=root,... > > > > I didn't look into the reason why the subject line looked that > > weird (exchanged separator, swapped elements) > > but just added a few checks and changing the subject line on the > > fly (replacing / with + and swapping the elements) > > until it matches. Challenge/response signon was possible after > > these changes. > > Not very clean, but it works for me. ;-) > > Interesting, need to have a look at that. (Never used the UID RDN, > maybe that's the reason). Not sure if this is a bug, though.
It's not the UID RDN, it's the + that is messing with openssl pkcs7 -print_certs, see bug #1907158 (http://sourceforge.net/tracker/?func=detail&aid=1907158&group_id=150124&atid=776757). Again, it would make sense not to use the +-Syntax at the moment, it is rather odd anyways. Cheers, Alex
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
