Bugzilla – Bug 124350
ldapssl_get_cert is failing on the second cert in a chain
Last modified: 2006-04-19 17:48:55 UTC
------- Bug moved to this database by vrajkumar@novell.com 2005-10-10 16:54 -------

This bug previously known as bug DEFECT000277449 at remedy/ remedy/show_bug.cgi?id=DEFECT000277449
Originally filed under the NDS SDK product and LDAP C SDK component.

---------
<remedy_version_found_in>
BLANK
</remedy_version_found_in>
---------
<remedy_milestone>
BLANK
</remedy_milestone>
---------
<remedy_details>
CLDAPSDK - 20010815

I create (in ConsoleOne) a certificate (key material object) with a validity period off in the future. I set the new certificate to be the SSL Certificate in the SSL Configuration of the LDAP Server object. I register for the callback (ldapssl_set_verify_callback) and in the callback function I make the call ldapssl_get_cert to save the cert to a file.

In this scenario I am getting called back twice. The cert returned the first time is the valid trusted root cert and I am able to get the cert. The cert returned the second time is the new cert with a "Not Before Time" that is in the future. The ldapssl_get_cert is failing (-1) on this one.

This problem also occurs if I create an expired certificate and do the same thing.
</remedy_details>
---------
<remedy_notes>
rbeauchamp ( 8/31/01 4:20:05 PM Fixing - Fix Is Checked-In )

Fixed

A new attribute is available via ldapssl_get_cert_attribute. It is called LDAPSSL_CERT_GET_STATUS. The following is an example of how it works:

    rc = ldapssl_get_cert_attribute( pHandle,                 /* cert Handle */
                                     LDAPSSL_CERT_GET_STATUS, /* desired attribute */
                                     &certStatus,             /* attribute value */
                                     &length );               /* length */

This certStatus contains a number telling you the status of the certificate. Defines for the numbers can be found in ldap_ssl.h.

A new version of sslbind_interactive.c has also been checked in, showing the use of certStatus.
</remedy_notes>
unable to reproduce this bug