[xmlsec] x509vfy.c:xmlSecOpenSSLX509NamesCompare()
Roumen Petrov
xmlsec at roumenpetrov.info
Wed Jul 2 07:42:57 PDT 2003
Might source similar to next lines:
=====================================
static int
xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY **a, const
X509_NAME_ENTRY **b) {
int ret;
xmlSecAssert2(a != NULL, -1);
xmlSecAssert2(b != NULL, 1);
ret = OBJ_cmp((*a)->object, (*b)->object);
if (ret == 0) {
ASN1_STRING *nvA = (*a)->value;
ASN1_STRING *nvB = (*b)->value;
#ifdef XMLSEC_X509VFY_TEST
{
int la = M_ASN1_STRING_length(nvA);
u_char *pa = M_ASN1_STRING_data (nvA);
int lb = M_ASN1_STRING_length(nvB);
u_char *pb = M_ASN1_STRING_data (nvB);
fprintf(stderr, "\tnvA='%*s'\tnvB='%*s'\n", la, pa, lb, pb);
}
#endif /*def XMLSEC_X509VFY_TEST*/
ret = M_ASN1_STRING_length(nvA) - M_ASN1_STRING_length(nvB);
if (ret == 0) {
ret = M_ASN1_STRING_length(nvA);
ret = memcmp(nvA->data, nvB->data, ret);
}
}
//fprintf(stderr, "xmlSecOpenSSLX509_NAME_ENTRY_cmp() ret=%d\n", ret);
return(ret);
//return(OBJ_cmp((*a)->object, (*b)->object));
}
======================================================
Aleksey Sanin wrote:
> I think I found the problem: the OBJ_cmp() (and
> xmlSecOpenSSLX509_NAME_ENTRY_cmp)
> compare object names and not object values. Thus when we do sort names
> entries in
> xmlSecOpenSSLX509NamesCompare() it sorts by object names correctly but
> fails to sort
> by object values. Next when we walk thru the list of entries in
> xmlSecOpenSSLX509_NAME_cmp()
> we compare both names and values. But sorting order is not
> deterministic for entries
> with the same name!
>
> Ok, I think I can fix it relativly easy... Thanks for bug report!
>
> Aleksey
>
>
>
>
More information about the xmlsec
mailing list