Mike Pechkin via RT wrote:

>On Wed, Jun 05, 2002 at 03:10:58PM +0200, Lutz Jaenicke via RT wrote:
>
>>The problem is caused by inconsistent definitions for the OID values.
>>According to RFC2256, the OID 2.5.4.45 is assigned to
>>X500UniqueIdentifier. UniqueIdentifier was assigned to
>>pilotAttributeType.44 in RFC1274.
>
>Let's discuss how to fix it!?

Well, the situation is in fact even a little bit worse than that.

In order to do something that makes sense, the good question to ask is: "Why do people want to deal with an identifier called uniqueid, or something similar?". In most cases, the answer is because they have an LDAP environment, where there is an identifier called uid, and they want to use that one.

And this uid from LDAP is neither 2.5.4.45, nor pilotAttributeType.44 from RFC1274. It's pilotAttributeType.1 from RFC1274, whose true name is Userid, but that is wrongly called uniqueID in many LDAP documents.

See for the exact reference this:
http://ldap.akbkhome.com/attribute/uid.html
and as an example of the name confusion, this (the OID itself shown is the correct one):
http://developer.novell.com/ndk/doc/ndslib/schm_enu/data/sdk5430.html

The older version of the dumpasn1.cfg file of the dumpasn1 tool I had on my hard drive has it wrong too, but the current version on http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg does display it as Userid, not uniqueID.

The situation is a little simplified when one knows that nobody uses pilotAttributeType.44 from RFC1274.

>For instance, mod_ssl 2.8.8-1.3.24 use workaround:
>
>Also, markus@ created this temp patch:
>
>Comments ?

Send the authors a description of the problem, and tell them that they cannot solve the problem in automatic mode; they need to check what they truly want here, and if this is the uid attribute from LDAP, then they should use the long string name "userId" to get the OID 0.9.2342.19200300.100.1.1
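The three attribute types named in this thread, told apart by their DER-encoded OID rather than by short name, as an added example that is not part of the original message or of OpenSSL. The helper names are hypothetical, the sample encodings are constructed, and the pilotAttributeType arc is assumed to be the userId OID quoted above without its last component.

```python
# Added example; not code from the thread or from OpenSSL.
# Assumed arc of RFC 1274 pilotAttributeType: the userId OID minus its last arc.
PILOT = (0, 9, 2342, 19200300, 100, 1)

# Attribute names as used in the message (helper names below are hypothetical).
ATTRS = {
    (2, 5, 4, 45): "x500UniqueIdentifier",   # RFC 2256
    PILOT + (44,): "uniqueIdentifier",       # RFC 1274, pilotAttributeType.44
    PILOT + (1,): "userId",                  # RFC 1274, the LDAP uid
}

def encode_oid(arcs):
    """DER-encode an OID: tag 0x06, short-form length, base-128 arcs."""
    body = bytearray()
    for arc in (40 * arcs[0] + arcs[1],) + tuple(arcs[2:]):
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form lengths not handled")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER into a tuple of arcs."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    if der[-1] & 0x80:
        raise ValueError("last arc is truncated")
    values, cur = [], 0
    for byte in der[2:]:
        cur = (cur << 7) | (byte & 0x7F)
        if not byte & 0x80:      # high bit clear marks the end of one arc
            values.append(cur)
            cur = 0
    first = values[0]            # the first two arcs share one value
    head = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return head + tuple(values[1:])

def attribute_name(der):
    """Name the attribute type by its OID, never by a short name."""
    return ATTRS.get(decode_oid(der), "unknown")

if __name__ == "__main__":
    for arcs in ATTRS:           # constructed sample encodings
        der = encode_oid(arcs)
        print(der.hex(), ".".join(map(str, arcs)), attribute_name(der))
```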
