ldap cert retrieval and pem encoding

ldap cert retrieval and pem encoding

[Ulf Stegemann]

XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule), 
No Gnus v0.4

The ldap server I use stores s/mime certificates either in DER or in PEM
format.  smime-ldap retrieves only DER encoded certificates correctly.  PEM
encoded certificates are fetched, too, but the resulting tmp file/buffer does
not contain the correct cert only something that looks like a cert.

Can anyone confirm this behaviour or is it a local problem?


Ulf

Re: ldap cert retrieval and pem encoding

[Simon Josefsson]

Ulf Stegemann <ulf@zeitform.de> writes:

> XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule), 
> No Gnus v0.4
>
> The ldap server I use stores s/mime certificates either in DER or in PEM
> format.  smime-ldap retrieves only DER encoded certificates correctly.  PEM
> encoded certificates are fetched, too, but the resulting tmp file/buffer does
> not contain the correct cert only something that looks like a cert.
>
> Can anyone confirm this behaviour or is it a local problem?

The code assume the data returned is in DER form, so I think your
analysis is correct, and it is not a local problem.  The received,
assumed-DER, data is then base64 encoded, and wrapped into a PEM blob.
You should be able to base64 decode the tmp file/buffer content, and
get the certificate in PEM format.

I see two solutions:

The Right Thing: figure out how to get the type of data returned from
the server, and follow that hint.

The Workaround: Look at the received data to see if the head happen to
match a PEM header, and decide based on that.

It might be that the two solutions collapse into one if the server
can't return the type of data in any other way of having a PEM header
on the blob, though.

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

Ulf Stegemann <ulf@zeitform.de> writes:

> XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule), 
> No Gnus v0.4
>
> The ldap server I use stores s/mime certificates either in DER or in PEM
> format.  smime-ldap retrieves only DER encoded certificates correctly.  PEM
> encoded certificates are fetched, too, but the resulting tmp file/buffer does
> not contain the correct cert only something that looks like a cert.
>
> Can anyone confirm this behaviour or is it a local problem?

Was this with or without the patch i posted here some weeks ago?
<http://article.gmane.org/gmane.emacs.gnus.general/60203>

I didn't think it would be possible to retrieve a certificate via LDAP
in XEmacs without this patch. On the other hand LDAP in Emacs/XEmacs
is weird, so ...

I've read somewhere that certificates published via LDAP _should_
always be in DER format. But your LDAP server is probably not the only
server out there delivering in PEM format so we should maybe support
this anyway.

Is there some way to identify that the certificate is in PEM format?

Could you try to issue a command line like:

ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=your@address.com" "userCertificate"

and have a look at whether the userCertificate attribute is reported
as userCertificate or userCertificate;binary?

And look whether the retrieved certificate contains the PEM header and
footer? (-----BEGIN CERTIFICATE-----)

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

Ulf Stegemann <ulf@zeitform.de> writes:

> XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule), 
> No Gnus v0.4
>
> The ldap server I use stores s/mime certificates either in DER or in PEM
> format.  smime-ldap retrieves only DER encoded certificates correctly.  PEM
> encoded certificates are fetched, too, but the resulting tmp file/buffer does
> not contain the correct cert only something that looks like a cert.
>
> Can anyone confirm this behaviour or is it a local problem?

Was this with or without the patch i posted here some weeks ago?
<http://article.gmane.org/gmane.emacs.gnus.general/60203>

I didn't think it would be possible to retrieve a certificate via LDAP
in XEmacs without this patch. On the other hand LDAP in Emacs/XEmacs
is weird, so ...

I've read somewhere that certificates published via LDAP _should_
always be in DER format. But your LDAP server is probably not the only
server out there delivering in PEM format so we should maybe support
this anyway.

Is there some way to identify that the certificate is in PEM format?

Could you try to issue a command line like:

ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=your@address.com" "userCertificate"

and have a look at whether the userCertificate attribute is reported
as userCertificate or userCertificate;binary?

And look whether the retrieved certificate contains the PEM header and
footer? (-----BEGIN CERTIFICATE-----)

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: ldap cert retrieval and pem encoding

[Ulf Stegemann]

Arne Jørgensen <arne@arnested.dk> wrote:

> Ulf Stegemann <ulf@zeitform.de> writes:
>
>> XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule), 
>> No Gnus v0.4
>>
>> The ldap server I use stores s/mime certificates either in DER or in PEM
>> format.  smime-ldap retrieves only DER encoded certificates correctly.  PEM
>> encoded certificates are fetched, too, but the resulting tmp file/buffer does
>> not contain the correct cert only something that looks like a cert.

[...]

> Was this with or without the patch i posted here some weeks ago?
> <http://article.gmane.org/gmane.emacs.gnus.general/60203>

I tried it only with the patch.

> I've read somewhere that certificates published via LDAP _should_
> always be in DER format. But your LDAP server is probably not the only
> server out there delivering in PEM format so we should maybe support
> this anyway.
>
> Is there some way to identify that the certificate is in PEM format?

The only way to tell if the certificate is PEM encoded is to look at the
certificate itself ...

> Could you try to issue a command line like:
>
> ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=your@address.com" "userCertificate"
>
> and have a look at whether the userCertificate attribute is reported
> as userCertificate or userCertificate;binary?

... as every certificate is delivered as userCertificate;binary and no other
field indicates the kind of encoding.

> And look whether the retrieved certificate contains the PEM header and
> footer? (-----BEGIN CERTIFICATE-----)

Certificates from the ldap do contain the '-----BEGIN CERTIFICATE-----' and
'-----END CERTIFICATE-----' lines.

I do not know what's the intend of the guys running the ldap server to store
certificates in different encodings.  I was asked to provide my certificate
PEM encoded but I presume that the encoding demanded is dependent on the
ldap admin I talk to.

Anyway, the main purpose for the ldap provided certificates is to allow
Outlook users (and to a lesser degree Mozilla Mail/Thunderbird users) to
encrypt/verify mail.  Therefore, I think that any certificate recognized by
Outlook --- may it be DER or PEM encoded, may it be with or without
'-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' lines, may it
be as userCertificate or userCertificate;binary -- will possibly appear in
ldap servers out there.  I think it would be useful to know which kind of
data Outlook (Mozilla Mail/Thunderbird) could handle to find out what could
happen in the wild.  However, I'm not familiar with Outlook and will
most likely never be.  Someone else?


Ulf

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

Ulf Stegemann <ulf@zeitform.de> skriver:

> Arne Jørgensen <arne@arnested.dk> wrote:
>
>> Was this with or without the patch i posted here some weeks ago?
>> <http://article.gmane.org/gmane.emacs.gnus.general/60203>
>
> I tried it only with the patch.

OK. Then the world makes sense again.

>> I've read somewhere that certificates published via LDAP _should_
>> always be in DER format. But your LDAP server is probably not the only
>> server out there delivering in PEM format so we should maybe support
>> this anyway.
>>
>> Is there some way to identify that the certificate is in PEM format?
>
> The only way to tell if the certificate is PEM encoded is to look at the
> certificate itself ...
>
>> Could you try to issue a command line like:
>>
>> ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=your@address.com" "userCertificate"
>>
>> and have a look at whether the userCertificate attribute is reported
>> as userCertificate or userCertificate;binary?
>
> ... as every certificate is delivered as userCertificate;binary and no other
> field indicates the kind of encoding.
>
>> And look whether the retrieved certificate contains the PEM header and
>> footer? (-----BEGIN CERTIFICATE-----)
>
> Certificates from the ldap do contain the '-----BEGIN CERTIFICATE-----' and
> '-----END CERTIFICATE-----' lines.
>
> I do not know what's the intend of the guys running the ldap server to store
> certificates in different encodings.  I was asked to provide my certificate
> PEM encoded but I presume that the encoding demanded is dependent on the
> ldap admin I talk to.
>
> Anyway, the main purpose for the ldap provided certificates is to allow
> Outlook users (and to a lesser degree Mozilla Mail/Thunderbird users) to
> encrypt/verify mail.  Therefore, I think that any certificate recognized by
> Outlook --- may it be DER or PEM encoded, may it be with or without
> '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' lines, may it
> be as userCertificate or userCertificate;binary -- will possibly appear in
> ldap servers out there.  I think it would be useful to know which kind of
> data Outlook (Mozilla Mail/Thunderbird) could handle to find out what could
> happen in the wild.  However, I'm not familiar with Outlook and will
> most likely never be.  Someone else?

I have no idea what Outlook expects either.

What we could do in Gnus is:

1. If it contains "-----BEGIN CERTIFICATE-----" it is in PEM-format.

2. Otherwise try to base64-decode it and if that succeeds also assumed
   it is in PEM-format.

3. Finally decide it must be in DER-format.

This shouldn't be difficult to implement. I have time make an
implementation on Tuesday.

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: ldap cert retrieval and pem encoding

[Simon Josefsson]

Arne Jørgensen <arne@arnested.dk> writes:

> What we could do in Gnus is:
>
> 1. If it contains "-----BEGIN CERTIFICATE-----" it is in PEM-format.
>
> 2. Otherwise try to base64-decode it and if that succeeds also assumed
>    it is in PEM-format.
>
> 3. Finally decide it must be in DER-format.
>
> This shouldn't be difficult to implement. I have time make an
> implementation on Tuesday.

Great!  The approach look good to me.

Re: ldap cert retrieval and pem encoding

[Ulf Stegemann]

Simon Josefsson <jas@extundo.com> wrote:

> Arne Jørgensen <arne@arnested.dk> writes:
>
>> What we could do in Gnus is:
>>
>> 1. If it contains "-----BEGIN CERTIFICATE-----" it is in PEM-format.
>>
>> 2. Otherwise try to base64-decode it and if that succeeds also assumed
>>    it is in PEM-format.
>>
>> 3. Finally decide it must be in DER-format.
>>
>> This shouldn't be difficult to implement. I have time make an
>> implementation on Tuesday.
>
> Great!  The approach look good to me.

I second that!

If you've any code ready, I would like to test it here right away and tell
you if it is working or not (at least for PEM encoded certs *with*
header/footer and DER encoded certs).


Ulf

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

Ulf Stegemann <ulf@zeitform.de> skriver:

> If you've any code ready, I would like to test it here right away and tell
> you if it is working or not (at least for PEM encoded certs *with*
> header/footer and DER encoded certs).

Not yet. I've just finish an examination (5 minutes ago) and need to
go drink some beers. Tomorrow I'll need to code some e-lisp. I have my
needs ;-)

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 697 bytes --]

Arne Jørgensen <arne@arnested.dk> skriver:

> What we could do in Gnus is:
>
> 1. If it contains "-----BEGIN CERTIFICATE-----" it is in PEM-format.
>
> 2. Otherwise try to base64-decode it and if that succeeds also assumed
>    it is in PEM-format.
>
> 3. Finally decide it must be in DER-format.
>
> This shouldn't be difficult to implement. I have time make an
> implementation on Tuesday.

I have implemented the above strategy.

I had no way to test it (except that it still works with DER encoded
certificates).

The attached patch also includes the patch for LDAP handling in XEmacs
(from some weeks ago).

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Patch for XEmacs compability and certificates in PEM format --]
[-- Type: text/x-patch, Size: 4628 bytes --]

Index: lisp/ChangeLog
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v
retrieving revision 7.706
diff -u -p -r7.706 ChangeLog
--- lisp/ChangeLog	30 May 2005 14:45:12 -0000	7.706
+++ lisp/ChangeLog	31 May 2005 09:17:50 -0000
@@ -1,3 +1,10 @@
+2005-05-31  Arne J^[,Ax^[(Brgensen  <arne@arnested.dk>
+
+	* smime-ldap.el (smime-ldap-search): Add compatibility for XEmacs.
+
+	* smime.el (smime-cert-by-ldap-1): Handle certificates distributed
+	in PEM format. Adjust to the XEmacs compability.
+
 2005-05-30  Reiner Steib  <Reiner.Steib@gmx.de>
 
 	* encrypt.el (encrypt-xor-process-buffer): Replace `string-to-int'
Index: lisp/smime-ldap.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime-ldap.el,v
retrieving revision 7.3
diff -u -p -r7.3 smime-ldap.el
--- lisp/smime-ldap.el	15 Feb 2005 01:58:42 -0000	7.3
+++ lisp/smime-ldap.el	31 May 2005 09:17:51 -0000
@@ -31,14 +31,7 @@
 ;; made to achieve compatibility with OpenLDAP v2 and to make it
 ;; possible to retrieve LDAP attributes that are tagged ie ";binary".
 
-;; When Gnus drops support for Emacs 21.x this file can be removed and
-;; smime.el changed to
-
-;;   - (require 'smime-ldap)   =>   (require 'ldap)
-;;   - (smime-ldap-search ...) =>   (ldap-search ...)
-
-;; If we are running in Emacs 22 or newer it just uses the build-in
-;; version of ldap-search.
+;; The file also adds a compatibility layer for Emacs and XEmacs.
 
 ;;; Code:
 
@@ -57,26 +50,31 @@ its distinguished name WITHDN.
 Additional search parameters can be specified through
 `ldap-host-parameters-alist', which see."
   (interactive "sFilter:")
-  (if (>= emacs-major-version 22)
-      (ldap-search filter host attributes attrsonly)
-    (or host
-	(setq host ldap-default-host)
-	(error "No LDAP host specified"))
-    (let ((host-plist (cdr (assoc host ldap-host-parameters-alist)))
-	  result)
-      (setq result (smime-ldap-search-internal
-		    (append host-plist
-			    (list 'host host
-				  'filter filter
-				  'attributes attributes
-				  'attrsonly attrsonly
-				  'withdn withdn))))
-      (if ldap-ignore-attribute-codings
-	  result
-	(mapcar (function
-		 (lambda (record)
-		   (mapcar 'ldap-decode-attribute record)))
-		result)))))
+  ;; for XEmacs
+  (if (fboundp 'ldap-search-entries)
+      (ldap-search-entries filter host attributes attrsonly)
+    ;; for Emacs 22
+    (if (>= emacs-major-version 22)
+	(cdr (ldap-search filter host attributes attrsonly))
+      ;; for Emacs 21.x
+      (or host
+	  (setq host ldap-default-host)
+	  (error "No LDAP host specified"))
+      (let ((host-plist (cdr (assoc host ldap-host-parameters-alist)))
+	    result)
+	(setq result (smime-ldap-search-internal
+		      (append host-plist
+			      (list 'host host
+				    'filter filter
+				    'attributes attributes
+				    'attrsonly attrsonly
+				    'withdn withdn))))
+	(cdr (if ldap-ignore-attribute-codings
+		 result
+	       (mapcar (function
+			(lambda (record)
+			  (mapcar 'ldap-decode-attribute record)))
+		       result)))))))
 
 (defun smime-ldap-search-internal (search-plist)
   "Perform a search on a LDAP server.
Index: lisp/smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
retrieving revision 7.11
diff -u -p -r7.11 smime.el
--- lisp/smime.el	17 May 2005 08:02:16 -0000	7.11
+++ lisp/smime.el	31 May 2005 09:17:51 -0000
@@ -578,9 +578,20 @@ A string or a list of strings is returne
 				       host '("userCertificate") nil))
 	(retbuf (generate-new-buffer (format "*certificate for %s*" mail)))
 	cert)
-    (if (> (length ldapresult) 1)
+    (if (>= (length ldapresult) 1)
 	(with-current-buffer retbuf
-	  (setq cert (base64-encode-string (nth 1 (car (nth 1 ldapresult))) t))
+	  ;; Certificates on LDAP servers _should_ be in DER format,
+	  ;; but there are some servers out there that distributes the
+	  ;; certificates in PEM format (with or without
+	  ;; header/footer) so we try to handle them anyway.
+	  (if (or (string= (substring (cadaar ldapresult) 0 27)
+			   "-----BEGIN CERTIFICATE-----")
+		  (condition-case nil
+		      (base64-decode-string (cadaar ldapresult))
+		    (error nil)))
+	      (setq cert
+		    (replace-regexp-in-string "\\(\n\||\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)" "" (cadaar ldapresult) t))
+	    (setq cert (base64-encode-string (cadaar ldapresult) t)))
 	  (insert "-----BEGIN CERTIFICATE-----\n")
 	  (let ((i 0) (len (length cert)))
 	    (while (> (- len 64) i)

Re: ldap cert retrieval and pem encoding

[Ulf Stegemann]

Arne Jørgensen <arne@arnested.dk> wrote:

> I have implemented the above strategy.

Great!

> I had no way to test it (except that it still works with DER encoded
> certificates).
>
> The attached patch also includes the patch for LDAP handling in XEmacs
> (from some weeks ago).

Okay, I had to change two things (s.b.) and now it works very well ... for
both PEM and DER encoded certs.

[...]

> Index: lisp/smime.el
> ===================================================================
> RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
> retrieving revision 7.11
> diff -u -p -r7.11 smime.el
> --- lisp/smime.el	17 May 2005 08:02:16 -0000	7.11
> +++ lisp/smime.el	31 May 2005 09:17:51 -0000
> @@ -578,9 +578,20 @@ A string or a list of strings is returne
>  				       host '("userCertificate") nil))
>  	(retbuf (generate-new-buffer (format "*certificate for %s*" mail)))
>  	cert)
> -    (if (> (length ldapresult) 1)
> +    (if (>= (length ldapresult) 1)
>  	(with-current-buffer retbuf
> -	  (setq cert (base64-encode-string (nth 1 (car (nth 1 ldapresult))) t))
> +	  ;; Certificates on LDAP servers _should_ be in DER format,
> +	  ;; but there are some servers out there that distributes the
> +	  ;; certificates in PEM format (with or without
> +	  ;; header/footer) so we try to handle them anyway.
> +	  (if (or (string= (substring (cadaar ldapresult) 0 27)
> +			   "-----BEGIN CERTIFICATE-----")
> +		  (condition-case nil
> +		      (base64-decode-string (cadaar ldapresult))
> +		    (error nil)))
> +	      (setq cert
> +		    (replace-regexp-in-string "\\(\n\||\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)" "" (cadaar ldapresult) t))

It seems that replace-regexp-in-string is not known to xemacs but only to
emacs.  Furthermore, there's a typo in the regex ('\||\r' instead of '\\|\r').
The following replacement does the job here (XEmacs 21.4 (patch 17)):

  (replace-in-string 
   (cadaar ldapresult) 
   "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)"
   "" t))

> +	    (setq cert (base64-encode-string (cadaar ldapresult) t)))
>  	  (insert "-----BEGIN CERTIFICATE-----\n")
>  	  (let ((i 0) (len (length cert)))
>  	    (while (> (- len 64) i)


Ulf

Re: ldap cert retrieval and pem encoding

[Simon Josefsson]

Ulf Stegemann <ulf@zeitform.de> writes:

> Arne Jørgensen <arne@arnested.dk> wrote:
>
>> I have implemented the above strategy.
>
> Great!

Applied to CVS.

> It seems that replace-regexp-in-string is not known to xemacs but only to
> emacs.  Furthermore, there's a typo in the regex ('\||\r' instead of '\\|\r').
> The following replacement does the job here (XEmacs 21.4 (patch 17)):
>
>   (replace-in-string 
>    (cadaar ldapresult) 
>    "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)"
>    "" t))

This one too, let me know whether it works now.

Thanks!

Re: ldap cert retrieval and pem encoding

[Reiner Steib]

On Tue, May 31 2005, Simon Josefsson wrote:

> Ulf Stegemann <ulf@zeitform.de> writes:
[...]
>> It seems that replace-regexp-in-string is not known to xemacs but only to
>> emacs.  Furthermore, there's a typo in the regex ('\||\r' instead of '\\|\r').
>> The following replacement does the job here (XEmacs 21.4 (patch 17)):
>>
>>   (replace-in-string 
>>    (cadaar ldapresult) 
>>    "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)"
>>    "" t))
>
> This one too, let me know whether it works now.

| -		    (replace-regexp-in-string [...]
| +		    (replace-in-string [...[

We should use `gnus-replace-in-string' for compatibility with both,
Emacs and XEmacs.  Please note the different order of the arguments.

Could someone sync the bugfixes in `smime.el' (and maybe related
changes in other files) from the trunk to the v5-10 branch, please?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: ldap cert retrieval and pem encoding

[Ulf Stegemann]

Simon Josefsson <jas@extundo.com> wrote:

[...]

> Applied to CVS.

[...]

>>   (replace-in-string 
>>    (cadaar ldapresult) 
>>    "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)"
>>    "" t))
>
> This one too, let me know whether it works now.

Yes, it works for xemacs.  I think emacs will need the original
replace-regexp-in-string instead.  My emacs does not know replace-in-string.


Ulf

Re: ldap cert retrieval and pem encoding

[Simon Josefsson]

Ulf Stegemann <ulf@zeitform.de> writes:

> Simon Josefsson <jas@extundo.com> wrote:
>
> [...]
>
>> Applied to CVS.
>
> [...]
>
>>>   (replace-in-string 
>>>    (cadaar ldapresult) 
>>>    "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)"
>>>    "" t))
>>
>> This one too, let me know whether it works now.
>
> Yes, it works for xemacs.  I think emacs will need the original
> replace-regexp-in-string instead.  My emacs does not know replace-in-string.

Well, we want something that works in both.  Perhaps we could
duplicate the stuff from gnus-util.el in smime.el?  Renaming it to
smime-replace-in-string first, of course.  Better ideas welcome; I'll
install the best idea tomorrow, unless someone beats me to it.

(eval-and-compile
  (cond
   ((fboundp 'replace-in-string)
    (defalias 'gnus-replace-in-string 'replace-in-string))
   ((fboundp 'replace-regexp-in-string)
    (defun gnus-replace-in-string  (string regexp newtext &optional literal)
      "Replace all matches for REGEXP with NEWTEXT in STRING.
If LITERAL is non-nil, insert NEWTEXT literally.  Return a new
string containing the replacements.

This is a compatibility function for different Emacsen."
      (replace-regexp-in-string regexp newtext string nil literal)))))

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

Ulf Stegemann <ulf@zeitform.de> skriver:

> Okay, I had to change two things (s.b.) and now it works very well ... for
> both PEM and DER encoded certs.

Super!

> It seems that replace-regexp-in-string is not known to xemacs but only to
> emacs.  Furthermore, there's a typo in the regex ('\||\r' instead of '\\|\r').
> The following replacement does the job here (XEmacs 21.4 (patch 17)):

Good you the typo.

With regards to Simons `smime-replace-in-string' idea I think that
will be the best way to go.

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: ldap cert retrieval and pem encoding

[Arne Jørgensen]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> Could someone sync the bugfixes in `smime.el' (and maybe related
> changes in other files) from the trunk to the v5-10 branch, please?

Which bug fixes?

The LDAP stuff is not present in v5-10 at all and I don't think it is
a good idea to sync it to v5-10 (because the v5-10 and trunk would end
up being identical).

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: ldap cert retrieval and pem encoding

[Simon Josefsson]

Arne Jørgensen <arne@arnested.dk> writes:

> With regards to Simons `smime-replace-in-string' idea I think that
> will be the best way to go.

Applied.