note about OpenSSL being more liberal than OpenLDAP when there is garbage past the end of a certificateList

2025-12-27 01:59:38 -05:00 · 2009-08-03 14:07:49 +00:00 · 2009-08-03 14:07:49 +00:00 · 20371c3eae
commit 20371c3eae
parent 8fc79e1116
1 changed files with 1 additions and 0 deletions
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@ -337,6 +337,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
 	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );
 	/* Must be at end now */
+	/* NOTE: OpenSSL tolerates CL with garbage past the end */
 	if ( len || tag != LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;
 	return LDAP_SUCCESS;
 }