Yes, I knew that, but there is a problem for applications that use libcrypto, NewPKI for example :) I do not use the CONF struct (nor can I), and therefore the @ syntax becomes unusable. Now, I just don't know what to do.

Thanks,

Frédéric Giudicelli
http://www.newpki.org

----- Original Message -----
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 13, 2003 7:20 PM
Subject: Re: Proposed modification for Extension Parser

> On Mon, Oct 13, 2003, Frédéric Giudicelli wrote:
>
> > Hello,
> >
> > The following problem is well known, it's about commas in url for
> > extensions' value.
> >
> > Here is what a normal LDAP syntax should be:
> > ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
> >
> > But since the openssl conf parser interprets the commas as a value
> > separator, the ldap syntax becomes:
> > ldap://host/uid=ca/ou=CAs/dc=host/dc=org?certificateRevocationList
> >
> > However many clients do not understand this syntax (IE for example, sorry
> > :) ).
> >
> > After checking the code the problem comes from this function
> > "X509V3_parse_list" in "crypto/x509v3/v3_utl.c".
> > I propose to enable commas in extensions syntax by doubling them, so that
> > the syntax becomes something like this:
> > ldap://host/uid=ca,,ou=CAs,,dc=host,,dc=org?certificateRevocationList
> >
> > This doesn't change the current interpretation since the second comma would
> > generate an empty value.
> >
> > This patch has been generated from openssl 0.9.7b.
> >
>
> This is unnecessary. Commas are only interpreted as value separators in the
> single line extension format. If you use the multiline format as documented in
> openssl.cnf commas have no special meaning and can readily be included.
>
> For example:
>
> [EMAIL PROTECTED]
>
> [altsect]
>
> URI=ldap://foo=x,bar=y
>
> should be OK. Check the docs for the exact syntax.
>
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the OpenSSL project: http://www.openssl.org/
> Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
> Email addresses, PGP and S/MIME: see homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
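
The comma handling discussed in this thread, as an added example: a simplified Python model written for this page, not OpenSSL's parser and not part of the original messages. The function names are hypothetical, and the config text is constructed from the URL and section name quoted above. It shows which part of a CRL URL the single-line format drops and that the section format keeps it whole.

```python
# Simplified model of the two extension value formats discussed in the thread.
# Not OpenSSL code: it only mirrors the comma rule the messages describe.

LDAP_URI = "ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList"

# Constructed config text; the section name follows the example in the reply.
CONF = """
[altsect]
URI=ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
"""

def parse_single_line(value):
    """Single-line format: every comma ends an item, and the first colon
    inside an item separates its name from its value."""
    pairs = []
    for item in value.split(","):
        name, sep, val = item.strip().partition(":")
        pairs.append((name.strip(), val.strip() if sep else None))
    return pairs

def parse_section(text, section):
    """Section format: one 'name=value' per line; the value is everything
    after the first '=', so commas inside it are kept."""
    pairs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            name, _, val = line.partition("=")
            pairs.append((name.strip(), val.strip()))
    return pairs

def lost_by_single_line(name, uri):
    """Return the tail of uri that does not end up in the first
    name:value pair when the single-line format is used."""
    kept = parse_single_line(f"{name}:{uri}")[0][1]
    return uri[len(kept):]

if __name__ == "__main__":
    print("single line:", parse_single_line("URI:" + LDAP_URI))
    print("section    :", parse_section(CONF, "altsect"))
    print("dropped    :", lost_by_single_line("URI", LDAP_URI))
```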
