[openssl-users] Failed to access LDAP server when a valid certificate is at <hash>.1+
Misaki Miyashita
misaki.miyashita at oracle.com
Tue Jan 9 20:49:22 UTC 2018
Thank you so much for the review, Viktor.
On 1/8/2018 5:57 PM, Viktor Dukhovni wrote:
>> On Jan 8, 2018, at 5:46 PM, Misaki Miyashita <misaki.miyashita at oracle.com> wrote:
>>
>> I would like to suggest the following fix so that a valid certificate at <hash>.x can be recognized during the cert validation even when <hash>.0 is linking to a bad/expired certificate. This may not be the most elegant solution, but it is a minimal change with low impact to the rest of the code.
> The patch looks wrong to me. It seems to have a memory leak.
> It is also not clear that with CApath all the certificates will
> already be loaded, so the iterator may not find the desired
> matching element.
I will look into the code to see if there is a memory leak issue.
However, we have tested internally and all certificates (valid and
invalid) were loaded, and the suggested fix is able to identify the
matching valid certificate.
>
>> Could I possibly get a review of the change, and could it possibly be considered for integration upstream?
>> (This is for the 1.0.1 branch)
> The 1.0.1 branch is no longer supported.
Sorry, that was a typo :-( I meant the 1.0.2 branch.
-- misaki