RE: LDAP address in crlDistributionPoints has commas in it

Wed, 14 Mar 2001 15:18:47 -0800 

That worked like a charm. Thanks very much

Mark Roach

-----Original Message-----
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 14, 2001 5:10 PM
To: [EMAIL PROTECTED]
Subject: Re: LDAP address in crlDistributionPoints has commas in it




"Roach, Mark R." wrote:
> 
> I can't sign any certificates if I have an LDAP address that includes
commas
> (between dn components) under crlDistributionPoints... It works fine for
> http addresses and ldap addresses that don't have commas, but I'm stuck...
> Are there escape codes I need to use '\' didn't seem to work... out of
> ideas...
> 
> the error is:
> 
> Error Loading extension section usr_cert
> 27626:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME:missing
> value:v3_alt.c:335:
> 27626:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in
> extensions:v3_conf.c:91:name=crlDistributionPoints,
> value=URI:ldap://10.13.1.129/cn=this,dc=is?atest
> 

This is an unfortunate side effect of the way the CONF parser works and
I never got time to fix this. If you put a '\' in there it gets stripped
by the conf code before the extension routines even see it.

Try using the alternative form of the multivalue extensions.

Instead of doing

crlDirstributionPoints=URI:http://some/uri,URI:ldap://10.13.1.129/cn=this,dc
=is?atest

try:

crlDirstributionPoints=@crldp_section

[ crldp_section ]

URI.1=http://some/uri
URI.2=ldap://10.13.1.129/cn=this,dc=is?atest

for more info see doc/openssl.txt

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to