Re: [Openca-Users] problems with CNs containing slashes /

[Michael Bell]

Hi Lyle,

Lyle Winton wrote:
Dear OpenCA users and developers,
(I sent this to the developers list but it was rejected.)
You can only mail to lists which you subscribed. If you subscribe to 
openca-devel then you can mail to this list too. The list is not restricted.

I've been using OpenCA for over a year now, the main purpose as a CA for
Grid certs (Globus, GSI etc.).  A problem that I've come across in all
the versions I've used (currently OpenCA 0.9.0-2 release) is the
signing, displaying, and archiving (LDAP) of certificates containing
slashes.  I suppose the main reason is the slash/comma variability in
SSL subject names.  Globus (the standard Grid middleware implementation)
uses LDAP certificates of the format...
    subject: CN=ldap/host.domain,O=Oranisation,O=Grid
... or something similar.  The "ldap/host.domain" bit is required!
 Would you consider adding the signing, displaying, and archiving (LDAP
especially) of these sorts of certificates to your standard regression
tests?  This would make OpenCA more Grid friendly and I would greatly
appreciate it.
OpenCA should accept such values today because some italian guys request 
this feature too. The italian signature law requires some really special 
things. The actual releases 0.9.1.2 and the CVS head should be ready for 
such values. Nevertheless you are correct with regex. There can still be 
some problems.

I scanned our sources and attached a file with original and unfixed 
regex. Can you please check it too? I will do the integration by myself 
but I want to be sure that I understand your regexes right.

Only the interpretation of requests is sometimes wrong. The editing and 
requesthandling itself works today but I don't tested the LDAP code with 
such certificates. I added it to docs/test/ldap.xml.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users