From: "Arne Jørgensen" <arne@arnested.dk>
Cc: Ulf Stegemann <ulf@zeitform.de>, Simon Josefsson <simon@josefsson.org>
Subject: Re: ldap cert retrieval and pem encoding
Date: Fri, 27 May 2005 00:31:14 +0200 [thread overview]
Message-ID: <87wtpkbzyz.fsf@arnested.dk> (raw)
In-Reply-To: <zf.upn64x9uekt.fsf@zeitform.de> (Ulf Stegemann's message of "Tue, 24 May 2005 12:02:26 +0200")
Ulf Stegemann <ulf@zeitform.de> writes:
> XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule),
> No Gnus v0.4
>
> The ldap server I use stores s/mime certificates either in DER or in PEM
> format. smime-ldap retrieves only DER encoded certificates correctly. PEM
> encoded certificates are fetched, too, but the resulting tmp file/buffer does
> not contain the correct cert only something that looks like a cert.
>
> Can anyone confirm this behaviour or is it a local problem?
Was this with or without the patch i posted here some weeks ago?
<http://article.gmane.org/gmane.emacs.gnus.general/60203>
I didn't think it would be possible to retrieve a certificate via LDAP
in XEmacs without this patch. On the other hand LDAP in Emacs/XEmacs
is weird, so ...
I've read somewhere that certificates published via LDAP _should_
always be in DER format. But your LDAP server is probably not the only
server out there delivering in PEM format so we should maybe support
this anyway.
Is there some way to identify that the certificate is in PEM format?
Could you try to issue a command line like:
ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=your@address.com" "userCertificate"
and have a look at whether the userCertificate attribute is reported
as userCertificate or userCertificate;binary?
And look whether the retrieved certificate contains the PEM header and
footer? (-----BEGIN CERTIFICATE-----)
Kind regards,
--
Arne Jørgensen <http://arnested.dk/>
next prev parent reply other threads:[~2005-05-26 22:31 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-24 10:02 Ulf Stegemann
2005-05-24 14:18 ` Simon Josefsson
2005-05-26 22:31 ` Arne Jørgensen
2005-05-26 22:31 ` Arne Jørgensen [this message]
2005-05-27 15:58 ` Ulf Stegemann
2005-05-28 11:30 ` Arne Jørgensen
2005-05-28 11:53 ` Simon Josefsson
2005-05-30 8:39 ` Ulf Stegemann
2005-05-30 8:48 ` Arne Jørgensen
2005-05-31 9:33 ` Arne Jørgensen
2005-05-31 11:21 ` Ulf Stegemann
2005-05-31 11:29 ` Simon Josefsson
2005-05-31 11:48 ` Reiner Steib
2005-05-31 12:59 ` Arne Jørgensen
2005-05-31 12:01 ` Ulf Stegemann
2005-05-31 12:07 ` Simon Josefsson
2005-05-31 12:57 ` Arne Jørgensen
2005-05-31 13:13 ` Simon Josefsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wtpkbzyz.fsf@arnested.dk \
--to=arne@arnested.dk \
--cc=simon@josefsson.org \
--cc=ulf@zeitform.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).