In message <[EMAIL PROTECTED]> on Mon, 13 Oct 2003 21:04:40 +0200, Frédéric Giudicelli <[EMAIL PROTECTED]> said:

groups> Yes I knew that, but there is a problem for applications that
groups> use libcrypto, NewPKI for example :)
groups> I do not use the CONF struct (nor can I), and therefore the @
groups> syntax becomes unusable.
groups> Now, I just don't know what to do.

What you're saying is very confusing. You mentioned
X509V3_parse_list(), which is very typically used when analysing the
contents of a configuration file for X.509v3 extensions. What exactly
is X509V3_parse_list() used for in the context where it fails? And if
you are in power to code the parsing, would you consider writing your
own parsing code to do the stuff you want done?

groups> ----- Original Message -----
groups> From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
groups> To: <[EMAIL PROTECTED]>
groups> Sent: Monday, October 13, 2003 7:20 PM
groups> Subject: Re: Proposed modification for Extension Parser
groups>
groups>
groups> > On Mon, Oct 13, 2003, Frédéric Giudicelli wrote:
groups> >
groups> > > Hello,
groups> > >
groups> > > The following problem is well known, it's about commas in url for
groups> > > extensions' value.
groups> > >
groups> > > Here is what a normal LDAP syntax should be:
groups> > > ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList
groups> > >
groups> > > But since the openssl conf parser interprets the commas as a value
groups> > > separator, the ldap syntax becomes:
groups> > > ldap://host/uid=ca/ou=CAs/dc=host/dc=org?certificateRevocationList
groups> > >
groups> > > However many clients do not understand this syntax (IE for example,
groups> > > sorry :) ).
groups> > >
groups> > > After checking the code the problem comes from this function
groups> > > "X509V3_parse_list" in "crypto/x509v3/v3_utl.c".
groups> > > I propose to enable commas in extensions syntax by doubling them, so
groups> > > that the syntax becomes something like this:
groups> > > ldap://host/uid=ca,,ou=CAs,,dc=host,,dc=org?certificateRevocationList
groups> > >
groups> > > This doesn't change the current interpretation since the second comma
groups> > > would generate an empty value.
groups> > >
groups> > > This patch has been generated from openssl 0.9.7b.
groups> > >
groups> >
groups> > This is unnecessary. Commas are only interpreted as value separators in
groups> > the single line extension format. If you use the multiline format as
groups> > documented in openssl.cnf commas have no special meaning and can
groups> > readily be included.
groups> >
groups> > For example:
groups> >
groups> > [EMAIL PROTECTED]
groups> >
groups> > [altsect]
groups> >
groups> > URI=ldap://foo=x,bar=y
groups> >
groups> > should be OK. Check the docs for the exact syntax.
groups> >
groups> > Steve.
groups> > --
groups> > Dr Stephen N. Henson.
groups> > Core developer of the OpenSSL project: http://www.openssl.org/
groups> > Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
groups> > Email addresses, PGP and S/MIME: see homepage.

--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
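
The comma handling discussed in this thread, as an added example that is not part of the original messages and not OpenSSL code: a simplified Python model of splitting a single-line value on commas, with the doubled-comma escape from the proposal as an option and the one-entry-per-line section form beside it. The function names, the `URI:` prefix on the single-line input and the rejection of empty entries are assumptions of this model.

```python
# Simplified model of the comma handling discussed in the thread.
# Assumption: this is an illustration, not OpenSSL's implementation.

LDAP_URL = "ldap://host/uid=ca,ou=CAs,dc=host,dc=org?certificateRevocationList"


def split_single_line(line, doubled_comma_escape=False):
    """Split "name:value,name:value" into (name, value) pairs.

    A ',' ends the current entry and the first ':' in an entry separates
    the name from the value. With doubled_comma_escape=True a ',,' is
    read as one literal comma, modelling the proposal in the thread.
    """
    entries, current, i = [], [], 0
    while i < len(line):
        if line[i] == ",":
            if doubled_comma_escape and line[i + 1:i + 2] == ",":
                current.append(",")   # escaped comma stays in the entry
                i += 2
                continue
            entries.append("".join(current))
            current = []
        else:
            current.append(line[i])
        i += 1
    entries.append("".join(current))

    pairs = []
    for entry in entries:
        name, sep, value = entry.partition(":")
        if not name.strip():
            # Assumption of this model: an empty entry is rejected.
            raise ValueError("empty name in %r" % line)
        pairs.append((name.strip(), value.strip() if sep else None))
    return pairs


def split_section_lines(lines):
    """Section form: one name=value per line, so commas are plain data."""
    pairs = []
    for text in lines:
        name, _, value = text.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs


if __name__ == "__main__":
    print(split_single_line("URI:" + LDAP_URL))
    print(split_single_line("URI:" + LDAP_URL.replace(",", ",,"), True))
    print(split_section_lines(["URI=" + LDAP_URL]))
```

In the single-line form the URL is cut at its first comma and the remaining DN components turn into separate value-less entries, which is the failure the original message describes; the section form and the doubled-comma variant both return the URL intact.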
