Re: [xmlsec] x509vfy.c:xmlSecOpenSSLX509NamesCompare()

Thu, 03 Jul 2003 23:40:43 -0700

Aleksey Sanin wrote:


In general to compare values in two X509 names we should do more tasks, but at moment this is enough.


Can you give more details about this, please? 

1.1) About PrintableString:
=================================================
This specification requires only a subset of the name comparison
  functionality specified in the X.500 series of specifications.  The
  requirements for conforming implementations are as follows:




Housley, et. al. Standards Track [Page 20]

RFC 2459 Internet X.509 Public Key Infrastructure January 1999


     (a) attribute values encoded in different types (e.g.,
     PrintableString and BMPString) may be assumed to represent
     different strings;

     (b) attribute values in types other than PrintableString are case
     sensitive (this permits matching of attribute values as binary
     objects);

     (c) attribute values in PrintableString are not case sensitive
     (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and

     (d) attribute values in PrintableString are compared after
     removing leading and trailing white space and converting internal
     substrings of one or more consecutive white space characters to a
     single space.
=================================================
1.2) About IA5String:
  In addition, legacy implementations exist where an RFC 822 name is
  embedded in the subject distinguished name as an EmailAddress
  attribute.  The attribute value for EmailAddress is of type IA5String
  to permit inclusion of the character '@', which is not part of the
  PrintableString character set.  EmailAddress attribute values are not
  case sensitive (e.g., "[EMAIL PROTECTED]" is the same as
  "[EMAIL PROTECTED]").
=================================================

2.) discussion about generalization of X509_NAME_cmp in openssl maillist(bugs?) (I cannot remember URL[s]). X509_NAME_cmp generalization is posponed for OpenSSL 0.9.8 release.



Could you add "const" to suppress warnings:

Might because I use always CFLAGS="-O2 -Wall" to build all packages ?


No warnings for me... but I added 'const' word as you've suggested.

Aleksey 



_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to