From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/60359 Path: news.gmane.org!not-for-mail From: =?utf-8?Q?Arne_J=C3=B8rgensen?= Newsgroups: gmane.emacs.gnus.general Subject: Re: ldap cert retrieval and pem encoding Date: Fri, 27 May 2005 00:31:14 +0200 Organization: Arne Joergensen -- http://arnested.dk/ Message-ID: <87oeaxaabx.fsf@arnested.dk> References: NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: sea.gmane.org 1117212500 7899 80.91.229.2 (27 May 2005 16:48:20 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 27 May 2005 16:48:20 +0000 (UTC) Cc: Ulf Stegemann , Simon Josefsson Original-X-From: ding-owner+M8884@lists.math.uh.edu Fri May 27 18:48:15 2005 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by ciao.gmane.org with esmtp (Exim 4.43) id 1DbhyK-0005Fx-KC for ding-account@gmane.org; Fri, 27 May 2005 18:46:09 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu ident=lists) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1DbhyO-0005rg-00; Fri, 27 May 2005 11:46:12 -0500 Original-Received: from util2.math.uh.edu ([129.7.128.23]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1DbQwA-0002ua-00 for ding@lists.math.uh.edu; Thu, 26 May 2005 17:34:46 -0500 Original-Received: from quimby.gnus.org ([80.91.224.244]) by util2.math.uh.edu with esmtp (Exim 4.30) id 1DbQw6-00074d-U7 for ding@lists.math.uh.edu; Thu, 26 May 2005 17:34:43 -0500 Original-Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1DbQw5-0000kz-00 for ; Fri, 27 May 2005 00:34:41 +0200 Original-Received: from list by ciao.gmane.org with local (Exim 4.43) id 1DbQsk-0000qP-GS for ding@gnus.org; Fri, 27 May 2005 00:31:15 +0200 Original-Received: from 213.237.94.152 ([213.237.94.152]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 27 May 2005 00:31:14 +0200 Original-Received: from arne by 213.237.94.152 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 27 May 2005 00:31:14 +0200 X-Injected-Via-Gmane: http://gmane.org/ Original-To: ding@gnus.org Original-Lines: 39 Original-X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 213.237.94.152 X-Face: 5t,7/Y$&<1A_t.$vC2{pWZ{m@3_06;kcm]no{hgEL/}Uz(>XV6cl4}xO\v?-h3%>znNaZtq `~rf,GY1T%r=a.zH`hOb(-]'x)nI088Z&|e;V^h;/TShou User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux) Cancel-Lock: sha1:ERICFf0Ugqs5FUsx/OXKreOKaug= X-Spam-Score: -4.9 (----) Precedence: bulk Original-Sender: ding-owner@lists.math.uh.edu Xref: news.gmane.org gmane.emacs.gnus.general:60359 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:60359 Ulf Stegemann writes: > XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule), > No Gnus v0.4 > > The ldap server I use stores s/mime certificates either in DER or in PEM > format. smime-ldap retrieves only DER encoded certificates correctly. PEM > encoded certificates are fetched, too, but the resulting tmp file/buffer does > not contain the correct cert only something that looks like a cert. > > Can anyone confirm this behaviour or is it a local problem? Was this with or without the patch i posted here some weeks ago? I didn't think it would be possible to retrieve a certificate via LDAP in XEmacs without this patch. On the other hand LDAP in Emacs/XEmacs is weird, so ... I've read somewhere that certificates published via LDAP _should_ always be in DER format. But your LDAP server is probably not the only server out there delivering in PEM format so we should maybe support this anyway. Is there some way to identify that the certificate is in PEM format? Could you try to issue a command line like: ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=your@address.com" "userCertificate" and have a look at whether the userCertificate attribute is reported as userCertificate or userCertificate;binary? And look whether the retrieved certificate contains the PEM header and footer? (-----BEGIN CERTIFICATE-----) Kind regards, -- Arne Jørgensen