Hello,

The following problem is well known: it's about commas in URLs in extension values.

Here is what a normal LDAP syntax should be:

ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList

But since the openssl conf parser interprets the commas as a value separator, the LDAP syntax becomes:

ldap://host/uid=ca/ou=CAs/dc=host/dc=org?certificateRevocationList

However, many clients do not understand this syntax (IE for example, sorry :) ). After checking the code, the problem comes from the function "X509V3_parse_list" in "crypto/x509v3/v3_utl.c".

I propose to enable commas in the extension syntax by doubling them, so that the syntax becomes something like this:

ldap://host/uid=ca,,ou=CAs,,dc=host,,dc=org?certificateRevocationList

This doesn't change the current interpretation, since the second comma would generate an empty value.

This patch has been generated from openssl 0.9.7b.

Frédéric Giudicelli
http://www.newpki.org
v3_utl.c.patch
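As an added example, not the attached v3_utl.c patch (which is not reproduced on this page) and not OpenSSL's own X509V3_parse_list: a small C splitter that applies the proposed rule, where a single comma separates list items and a doubled comma stands for one literal comma inside an item, plus the inverse encoder that doubles commas so a value round-trips. The value_list type and the function names are invented for this example; trimming blanks around each item is an assumption that mirrors how the conf parser treats whitespace, and is not the point of the proposal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result of splitting one extension value list. */
typedef struct {
    char **items;   /* n malloc'ed strings */
    size_t n;
} value_list;

void free_value_list(value_list *vl) {
    for (size_t i = 0; i < vl->n; i++)
        free(vl->items[i]);
    free(vl->items);
    vl->items = NULL;
    vl->n = 0;
}

/* Append buf[0..bl) as a new item, with leading/trailing blanks trimmed
 * (assumed behaviour, modelled on the conf parser). Returns -1 on OOM. */
static int push_trimmed(value_list *vl, size_t *cap, const char *buf, size_t bl) {
    size_t s = 0, e = bl;
    while (s < e && (buf[s] == ' ' || buf[s] == '\t')) s++;
    while (e > s && (buf[e - 1] == ' ' || buf[e - 1] == '\t')) e--;
    if (vl->n == *cap) {
        size_t ncap = *cap ? *cap * 2 : 4;
        char **tmp = realloc(vl->items, ncap * sizeof *tmp);
        if (!tmp) return -1;
        vl->items = tmp;
        *cap = ncap;
    }
    char *item = malloc(e - s + 1);
    if (!item) return -1;
    memcpy(item, buf + s, e - s);
    item[e - s] = '\0';
    vl->items[vl->n++] = item;
    return 0;
}

/* Split `in` on commas, treating ",," as one literal comma (the proposed
 * escape). Returns 0 and fills *vl, or -1 on allocation failure. */
int split_escaped_commas(const char *in, value_list *vl) {
    size_t len = strlen(in), cap = 0, bl = 0;
    char *buf = malloc(len + 1);   /* an item is never longer than the input */
    vl->items = NULL;
    vl->n = 0;
    if (!buf) return -1;
    for (size_t i = 0; i < len; i++) {
        if (in[i] == ',') {
            if (in[i + 1] == ',') {      /* doubled comma: keep one literally */
                buf[bl++] = ',';
                i++;
                continue;
            }
            if (push_trimmed(vl, &cap, buf, bl) != 0) goto fail;   /* separator */
            bl = 0;
            continue;
        }
        buf[bl++] = in[i];
    }
    if (push_trimmed(vl, &cap, buf, bl) != 0) goto fail;   /* last item */
    free(buf);
    return 0;
fail:
    free(buf);
    free_value_list(vl);
    return -1;
}

/* Inverse: join items with commas, doubling every literal comma so the
 * result parses back to the same items. Caller frees. NULL on OOM. */
char *join_escaped_commas(char *const *items, size_t n) {
    size_t total = 1;                      /* NUL */
    for (size_t i = 0; i < n; i++) {
        for (const char *p = items[i]; *p; p++) total += (*p == ',') ? 2 : 1;
        total += 1;                        /* separator (one spare for the last) */
    }
    char *out = malloc(total), *w = out;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        if (i) *w++ = ',';
        for (const char *p = items[i]; *p; p++) {
            *w++ = *p;
            if (*p == ',') *w++ = ',';
        }
    }
    *w = '\0';
    return out;
}

int main(void) {
    /* Constructed crlDistributionPoints-style value using the proposed syntax. */
    const char *cfg = "URI:ldap://host/uid=ca,,ou=CAs,,dc=host,,dc=org"
                      "?certificateRevocationList, URI:http://host/ca.crl";
    value_list vl;
    if (split_escaped_commas(cfg, &vl) != 0) return 1;
    for (size_t i = 0; i < vl.n; i++)
        printf("item %zu: %s\n", i, vl.items[i]);
    free_value_list(&vl);
    return 0;
}
```

Under the current parser the doubled commas would simply yield empty items between the real ones, which is why the proposal is backward compatible in the sense the post describes; under the new rule they collapse into the one LDAP URI the client needs.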
