From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/60357 Path: news.gmane.org!not-for-mail From: Arne =?utf-8?Q?J=C3=B8rgensen?= Newsgroups: gmane.emacs.gnus.general Subject: Re: ldap cert retrieval and pem encoding Date: Fri, 27 May 2005 00:31:14 +0200 Organization: Arne Joergensen -- http://arnested.dk/ Message-ID: <87wtpkbzyz.fsf@arnested.dk> References: NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: sea.gmane.org 1117212463 7744 80.91.229.2 (27 May 2005 16:47:43 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 27 May 2005 16:47:43 +0000 (UTC) Cc: Ulf Stegemann , Simon Josefsson Original-X-From: ding-owner+M8886@lists.math.uh.edu Fri May 27 18:47:41 2005 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by ciao.gmane.org with esmtp (Exim 4.43) id 1DbhyJ-0005Ff-GL for ding-account@gmane.org; Fri, 27 May 2005 18:46:07 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu ident=lists) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1Dbhyz-0005si-00; Fri, 27 May 2005 11:46:49 -0500 Original-Received: from util2.math.uh.edu ([129.7.128.23]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1DbeCW-0005C7-00 for ding@lists.math.uh.edu; Fri, 27 May 2005 07:44:32 -0500 Original-Received: from quimby.gnus.org ([80.91.224.244]) by util2.math.uh.edu with esmtp (Exim 4.30) id 1DbeCV-0007yJ-AE for ding@lists.math.uh.edu; Fri, 27 May 2005 07:44:31 -0500 Original-Received: from daimi.au.dk ([130.225.16.1]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1DbeCT-0001nh-00 for ; Fri, 27 May 2005 14:44:29 +0200 Original-Received: from localhost (213.237.94.152.sdsl.vbr.worldonline.dk [213.237.94.152] (may be forged)) (authenticated bits=0) by daimi.au.dk (8.12.11/8.12.11) with ESMTP id j4RCiNtP009550; Fri, 27 May 2005 14:44:24 +0200 Original-To: ding@gnus.org In-Reply-To: (Ulf Stegemann's message of "Tue, 24 May 2005 12:02:26 +0200") User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux) X-Face: 5t,7/Y$&<1A_t.$vC2{pWZ{m@3_06;kcm]no{hgEL/}Uz(>XV6cl4}xO\v?-h3%>znNaZtq `~rf,GY1T%r=a.zH`hOb(-]'x)nI088Z&|e;V^h;/TShou X-DAIMI-Spam-Score: 0.703 () DATE_IN_PAST_12_24 X-Scanned-By: MIMEDefang 2.51 on 130.225.16.1 X-Spam-Score: -4.5 (----) Precedence: bulk Original-Sender: ding-owner@lists.math.uh.edu Xref: news.gmane.org gmane.emacs.gnus.general:60357 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:60357 Ulf Stegemann writes: > XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-linux, Mule),=20 > No Gnus v0.4 > > The ldap server I use stores s/mime certificates either in DER or in PEM > format. smime-ldap retrieves only DER encoded certificates correctly. P= EM > encoded certificates are fetched, too, but the resulting tmp file/buffer = does > not contain the correct cert only something that looks like a cert. > > Can anyone confirm this behaviour or is it a local problem? Was this with or without the patch i posted here some weeks ago? I didn't think it would be possible to retrieve a certificate via LDAP in XEmacs without this patch. On the other hand LDAP in Emacs/XEmacs is weird, so ... I've read somewhere that certificates published via LDAP _should_ always be in DER format. But your LDAP server is probably not the only server out there delivering in PEM format so we should maybe support this anyway. Is there some way to identify that the certificate is in PEM format? Could you try to issue a command line like: ldapsearch -x -t -h LDAPSERVER -b SEARCHBASE "mail=3Dyour@address.com" "use= rCertificate" and have a look at whether the userCertificate attribute is reported as userCertificate or userCertificate;binary? And look whether the retrieved certificate contains the PEM header and footer? (-----BEGIN CERTIFICATE-----) Kind regards, --=20 Arne J=C3=B8rgensen