[xmlsec] x509vfy.c:xmlSecOpenSSLX509NamesCompare()
Roumen Petrov
xmlsec at roumenpetrov.info
Wed Jul 2 05:54:31 PDT 2003
Hi Aleksey,
One certificate can have more than one entry of type 'Organizational
Unit'.
Please find attached the file "xmlsec1-20030207.patch.gz". This file contains
a patch against CVS (20030702). The source code is taken from my implementation
of "X.509 certificates support in OpenSSH". Some tests are commented.
After building the patched version, go to <builddir>/src/openssl and run
"make x509vfytest && ./x509vfytest". The results follow:
==========================================
[SNIP]
xmlSecOpenSSLX509NamesCompare(): sorting a1 entries ...
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
xmlSecOpenSSLX509NamesCompare(): sorting b1 entries ...
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
xmlSecOpenSSLX509NamesCompare():
a1(buf)=/OU=test_certificate1/OU=test_certificate2/OU=test_certificate3
xmlSecOpenSSLX509NamesCompare():
b1(buf)=/OU=test_certificate1/OU=test_certificate3/OU=test_certificate2
test A4.1: return 1
xmlSecOpenSSLX509NamesCompare(): sorting a1 entries ...
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
xmlSecOpenSSLX509NamesCompare(): sorting b1 entries ...
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
xmlSecOpenSSLX509NamesCompare():
a1(buf)=/OU=test_certificate1/OU=test_certificate2/OU=test_certificate3
xmlSecOpenSSLX509NamesCompare():
b1(buf)=/OU=test_certificate2/OU=test_certificate1/OU=test_certificate2
test A4.2: return 1
xmlSecOpenSSLX509NamesCompare(): sorting a1 entries ...
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
xmlSecOpenSSLX509NamesCompare(): sorting b1 entries ...
ne(a)=organizationName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=-1
ne(a)=organizationalUnitName
ne(b)=organizationName
OBJ_cmp(a,b)=1
ne(a)=organizationalUnitName
ne(b)=organizationalUnitName
OBJ_cmp(a,b)=0
xmlSecOpenSSLX509NamesCompare():
a1(buf)=/OU=test_certificate1/OU=test_certificate2/OU=test_certificate3
xmlSecOpenSSLX509NamesCompare():
b1(buf)=/O=test_certificate2/OU=test_certificate2/OU=test_certificate3
test A4.3: return -1
==========================================
Test A4.1 must return 0; the other tests are correct.
I'm not familiar enough with the xmlsec source to fix the problem. Maybe
OBJ_cmp is not enough?
I think that we should compare data too.
I have a different implementation to compare two X509_NAMES.
Aleksey Sanin wrote:
> Well, I am not sure that this is a valid syntax. Anyway, this function
> uses OpenSSL function "OBJ_cmp". You can look at the code and
> find this out.
>
> Aleksey
>
> P.S. Subscribing to mailing list would be a good idea if you want to have
> your messages actually delivered to the list and not trashed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xmlsec1-20030207.patch.gz
Type: application/gzip
Size: 1449 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030702/4a968889/xmlsec1-20030207.patch.bin
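
Added example (not part of the original message, and not xmlsec or OpenSSH code): a self-contained C model of the comparison discussed above. Ordering entries by attribute type alone defines no order among the three OU entries of test A4.1, so a position-by-position comparison reports a mismatch; ordering by type and then value makes A4.1 compare equal while A4.2 and A4.3 still differ. The entry struct, the function names, the 8-entry limit and the use of strcmp in place of OBJ_cmp are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for an X509_NAME_ENTRY: attribute type plus value. */
typedef struct { const char *type, *value; } entry;
typedef int (*entry_cmp)(const entry *, const entry *);

/* Orders by attribute type only; strcmp stands in for OBJ_cmp (assumption). */
int cmp_type(const entry *a, const entry *b) { return strcmp(a->type, b->type); }

/* Orders by type, then value, so repeated OUs get one canonical order. */
int cmp_type_value(const entry *a, const entry *b) {
    int r = strcmp(a->type, b->type);
    return r ? r : strcmp(a->value, b->value);
}

/* Stable insertion sort: entries that compare equal keep their input order. */
static void sort_entries(entry *e, int n, entry_cmp cmp) {
    for (int i = 1; i < n; i++) {
        entry key = e[i];
        int j = i - 1;
        for (; j >= 0 && cmp(&e[j], &key) > 0; j--) e[j + 1] = e[j];
        e[j + 1] = key;
    }
}

/* Sort copies with `order`, then compare position by position; 0 = equal. */
int names_compare(const entry *a, int na, const entry *b, int nb, entry_cmp order) {
    entry sa[8], sb[8];
    if (na != nb || na < 0 || na > 8) return -1; /* 8 is this model's limit */
    memcpy(sa, a, (size_t)na * sizeof *a);
    memcpy(sb, b, (size_t)nb * sizeof *b);
    sort_entries(sa, na, order);
    sort_entries(sb, nb, order);
    for (int i = 0; i < na; i++) {
        int r = cmp_type_value(&sa[i], &sb[i]);
        if (r) return r < 0 ? -1 : 1;
    }
    return 0;
}

/* The names from tests A4.1 to A4.3 in the output above. */
const entry A1[]  = {{"OU","test_certificate1"},{"OU","test_certificate2"},{"OU","test_certificate3"}};
const entry B41[] = {{"OU","test_certificate1"},{"OU","test_certificate3"},{"OU","test_certificate2"}};
const entry B42[] = {{"OU","test_certificate2"},{"OU","test_certificate1"},{"OU","test_certificate2"}};
const entry B43[] = {{"O","test_certificate2"},{"OU","test_certificate2"},{"OU","test_certificate3"}};
int main(void) {
    printf("A4.1 by type only: %d\n", names_compare(A1, 3, B41, 3, cmp_type));
    printf("A4.1 by type+value: %d\n", names_compare(A1, 3, B41, 3, cmp_type_value));
    return 0;
}
```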