Bug 124350 (DEFECT000277449)

Summary: ldapssl_get_cert is failing on the second cert in a chain
Product: [Novell Products] NDS SDK Reporter: Forgotten User WOalQCA2Pj <forgotten_WOalQCA2Pj>
Component: LDAP C SDK Assignee: Forgotten User WOalQCA2Pj <forgotten_WOalQCA2Pj>
Status: VERIFIED FIXED QA Contact: Sundar Swamy <ssundar>
Severity: Critical    
Priority: P5 - None CC: aclark
Version: OCT 2006 NDK Keywords: English
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Component Test Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Rajkumar V 2005-10-10 22:54:37 UTC


------- Bug moved to this database by vrajkumar@novell.com 2005-10-10 16:54 -------

This bug previously known as bug DEFECT000277449 at remedy/
remedy/show_bug.cgi?id=DEFECT000277449
Originally filed under the NDS SDK product and LDAP C SDK component.

---------
<remedy_version_found_in> BLANK </remedy_version_found_in>
---------
<remedy_milestone> BLANK </remedy_milestone>
---------
<remedy_details> CLDAPSDK - 20010815

I create (in ConsoleOne) a certificate (key material object) with a validity
period off in the future.  I set the new certificate to be the SSL Certificate
in the SSL Configuration of the LDAP Server object.  I register for the
callback (ldapssl_set_verify_callback) and in the callback function I make
the call ldapssl_get_cert to save the cert to a file.  In this scenario
I am getting called back twice.  The cert returned the first time is the
valid trusted root cert and I am able to get the cert.  The cert returned the
second time is the new cert with a "Not Before Time" that is in the future.
The ldapssl_get_cert is failing (-1) on this one.
  This problem also occurs if I create an expired certificate and do the
  same thing. </remedy_details>
---------
<remedy_notes> rbeauchamp ( 8/31/01 4:20:05 PM Fixing - Fix Is Checked-In ) Fixed
A new attribute is available via ldapssl_get_cert_attribute. It is called
LDAPSSL_CERT_GET_STATUS. The following is an example of how it works:

   rc = ldapssl_get_cert_attribute( pHandle,                 /* cert Handle */
                                    LDAPSSL_CERT_GET_STATUS, /* desired attribute */
                                    &certStatus,             /* attribute value */
                                    &length );               /* length */

This certStatus contains a number telling you the status of the
certificate. Defines for the numbers can be found in ldap_ssl.h.

A new version of sslbind_interactive.c has also been checked in, showing
the use of certStatus.

 </remedy_notes>

Comment 1 Forgotten User WOalQCA2Pj 2006-03-14 15:52:11 UTC
unable to reproduce this bug