ITS#5151 fix CertificateListValidate

Howard Chu 2007-09-24 07:55:56 +00:00
parent f1065e1780
commit d322eb96c3


@ -222,21 +222,23 @@ static int certificateListValidate( Syntax *syntax, struct berval *in )
if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len ); /* thisUpdate */
/* NOTE: in the certificates I'm playing with, the time is UTC.
* maybe the tag is different from 0x17U for generalizedTime? */
if ( tag != 0x17U ) return LDAP_INVALID_SYNTAX;
/* Time is a CHOICE { UTCTime, GeneralizedTime } */
if ( tag != 0x17U && tag != 0x18U ) return LDAP_INVALID_SYNTAX;
ber_skip_data( ber, len );
/* Optional nextUpdate */
tag = ber_skip_tag( ber, &len );
if ( tag == 0x17U ) {
if ( tag == 0x17U || tag == 0x18U ) {
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len );
}
/* Optional revokedCertificates */
/* revokedCertificates - Sequence of Sequence, Optional */
if ( tag == LBER_SEQUENCE ) {
/* Should NOT be empty */
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len );
ber_len_t seqlen;
if ( ber_peek_tag( ber, &seqlen ) == LBER_SEQUENCE ) {
/* Should NOT be empty */
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len );
}
}
/* Optional Extensions */
if ( tag == SLAP_X509_OPT_CL_CRLEXTENSIONS ) { /* ? */
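Review bot: The new `ber_peek_tag` branch has no comment saying what happens when the inner tag is not a SEQUENCE: the outer header has already been consumed by `ber_skip_tag`, and `tag`/`len` are left describing that SEQUENCE for code that lies outside this hunk. If the intent is to tell revokedCertificates apart from the signatureAlgorithm SEQUENCE that follows the tbsCertList (my reading, not stated on the page), the branch should say so, for example `/* inner tag is not a SEQUENCE: this is not revokedCertificates; leave tag/len for the checks below */`. The `/* Should NOT be empty */` comment now sits on a branch that never tests `len`, so either drop it or add the check it describes. The bare `0x17U`/`0x18U` literals appear twice and would read better as two named constants for the UTCTime and GeneralizedTime tags. certificateListValidate starts above and continues below the hunk.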