Dear OpenCA users and developers,
(I sent this to the developers list but it was rejected.)

Dear OpenCA developers,

I've been using OpenCA for over a year now, the main purpose being as a CA for
Grid certs (Globus, GSI etc.).  A problem that I've come across in all
the versions I've used (currently OpenCA 0.9.0-2 release) is the
signing, displaying, and archiving (LDAP) of certificates containing
slashes.  I suppose the main reason is the slash/comma variability in
SSL subject names.  Globus (the standard Grid middleware implementation)
uses LDAP certificates of the format...
    subject: CN=ldap/host.domain,O=Oranisation,O=Grid
... or something similar.  The "ldap/host.domain" bit is required!
 Would you consider adding the signing, displaying, and archiving (LDAP
especially) of these sorts of certificates to your standard regression
tests?  This would make OpenCA more Grid friendly and I would greatly
appreciate it.

What I've found is that in many places Perl REs like the following are
commonly performed:
   $ret->{DN} =~ s/\/([^=]+)=/, $1=/g;
   $h_dn =~ s/^[^\/,]*[\/,]//;
   $h_attribute =~ s/\///;
   $h_attribute =~ s/,//;
   $dn =~ s/\//,/g;
Most of these assume that you won't find a slash anywhere in any
attribute.  (Or comma for that matter.)  This can generally be solved by
looking for slashes followed by valid attribute names (i.e. no slashes or
commas):
   $ret->{DN} =~ s/\/([^=,\/]+)=/, $1=/g;
   $dn =~ s/\/(?=[^=,\/]+=)/,/g;

Regards,
Lyle.
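
The two conversions discussed in the message above, run side by side on constructed DNs. This is an added example, not part of the original message and not OpenCA code; the sample DNs, the function names and the leading-slash handling are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample DNs in the slash-separated form (not taken from a real CA).
my @samples = (
    '/O=Grid/O=Organisation/CN=ldap/host.domain',  # Globus-style service cert
    '/O=Grid/O=Organisation/CN=Some User',         # no slash inside any value
    '/O=Grid/CN=a/b=c',                            # value that looks like "/attr="
);

# Naive conversion quoted in the message: every slash is treated as a separator.
# Dropping the leading slash first is an assumption of this example.
sub naive_convert {
    my ($dn) = @_;
    $dn =~ s/^\///;
    $dn =~ s/\//,/g;
    return $dn;
}

# Conversion proposed in the message: a slash is a separator only when it is
# followed by an attribute name (no '=', ',' or '/') and then '='.
sub lookahead_convert {
    my ($dn) = @_;
    $dn =~ s/^\/(?=[^=,\/]+=)//;
    $dn =~ s/\/(?=[^=,\/]+=)/,/g;
    return $dn;
}

# Split on the same boundary to recover the individual RDNs, so the subject
# that is signed, displayed and archived can be compared component by component.
sub split_rdns {
    my ($dn) = @_;
    $dn =~ s/^\///;
    return split /\/(?=[^=,\/]+=)/, $dn;
}

for my $dn (@samples) {
    printf "input     : %s\n", $dn;
    printf "naive     : %s\n", naive_convert($dn);
    printf "lookahead : %s\n", lookahead_convert($dn);
    printf "rdns      : %s\n\n", join ' | ', split_rdns($dn);
}
```

The third sample is still split inside the CN value by the lookahead form, because a slash followed by text and an equals sign cannot be told apart from a real separator in this string format. A regression test for the CA should therefore also compare the resulting subject with the one in the request.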




