#endif
"( OLcfgGlAt:99 NAME 'olcTLSCertificateKey' "
"DESC 'X.509 privateKey, must use ;binary' "
- "EQUALITY privateKeyMatch "
- "SYNTAX 1.3.6.1.4.1.4203.666.2.13 SINGLE-VALUE )", NULL, NULL },
+ "SUP pKCS8PrivateKey SINGLE-VALUE )", NULL, NULL },
{ "TLSCertificateKeyFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
tag = ber_skip_tag( ber, &len ); /* Sequence */
if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
tag = ber_peek_tag( ber, &len );
- if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
- tag = ber_get_int( ber, &version );
- tag = ber_skip_tag( ber, &len ); /* AlgorithmIdentifier */
- if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
- ber_skip_data( ber, len );
- tag = ber_skip_tag( ber, &len ); /* PrivateKey */
- if ( tag != LBER_OCTETSTRING ) return LDAP_INVALID_SYNTAX;
- ber_skip_data( ber, len );
- tag = ber_skip_tag( ber, &len );
- if ( tag == LBER_SET ) { /* Optional Attributes */
+ if ( tag != LBER_INTEGER ) {
+ /* might be an encrypted key */
+ if ( tag == LBER_SEQUENCE ) { /* encryptionAlgorithm */
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len ); /* encryptedData */
+ if ( tag != LBER_OCTETSTRING ) return LDAP_INVALID_SYNTAX;
+ ber_skip_data( ber, len );
+ } else
+ return LDAP_INVALID_SYNTAX;
+ } else {
+ tag = ber_get_int( ber, &version );
+ tag = ber_skip_tag( ber, &len ); /* AlgorithmIdentifier */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len ); /* PrivateKey */
+ if ( tag != LBER_OCTETSTRING ) return LDAP_INVALID_SYNTAX;
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len );
+ if ( tag == LBER_SET ) { /* Optional Attributes */
+ ber_skip_data( ber, len );
+ tag = ber_skip_tag( ber, &len );
+ }
}
/* Must be at end now */
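Review bot: The encrypted-key branch looks misaligned: `ber_peek_tag` does not consume the element header, yet the branch calls `ber_skip_data( ber, len )` straight after it, so the skip starts at the encryptionAlgorithm header rather than at its contents and the following `ber_skip_tag` reads from the wrong offset. Consume the header first by adding `tag = ber_skip_tag( ber, &len ); /* encryptionAlgorithm */` before that `ber_skip_data`. The branch also ends without a trailing `tag = ber_skip_tag( ber, &len );`, so `tag` and `len` still describe encryptedData when control reaches the end check, unlike the plain-key branch. That check is outside the hunk, but if it expects `LBER_DEFAULT` and a zero length, it would either reject every encrypted key or leave trailing bytes unexamined. privateKeyValidate starts and ends outside this hunk.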
SLAP_SYNTAX_HIDE, NULL, authzValidate, authzPretty},
/* PKCS#8 Private Keys for X.509 certificates */
- {"( 1.3.6.1.4.1.4203.666.2.13 DESC 'OpenLDAP privateKey' )",
+ {"( 1.2.840.113549.1.8.1.1 DESC 'PKCS#8 PrivateKeyInfo' )",
SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, privateKeyValidate, NULL},
{NULL, 0, NULL, NULL, NULL}
};
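Review bot: The syntax DESC and the comment above this entry name only PrivateKeyInfo, while privateKeyValidate in the same change also accepts an encrypted form (algorithm SEQUENCE followed by an OCTET STRING). A one-line comment on the entry, such as `/* validator also accepts the encrypted form: algorithm SEQUENCE + OCTET STRING */`, would stop a reader from assuming that a value passing this syntax is an unencrypted key. The syntax table starts outside the hunk.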
NULL},
{"( 1.3.6.1.4.1.4203.666.4.13 NAME 'privateKeyMatch' "
- "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )", /* OpenLDAP privateKey */
+ "SYNTAX 1.2.840.113549.1.8.1.1 )", /* PKCS#8 privateKey */
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, NULL, octetStringMatch,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_seeAlso) },
- { "x509PrivateKey", "( 1.3.6.1.4.1.4203.666.1.60 "
- "NAME 'x509PrivateKey' "
- "DESC 'X.509 private key, use ;binary' "
+ { "pKCS8PrivateKey", "( 1.3.6.1.4.1.4203.666.1.60 "
+ "NAME 'pKCS8PrivateKey' "
+ "DESC 'PKCS#8 PrivateKeyInfo, use ;binary' "
"EQUALITY privateKeyMatch "
- "SYNTAX 1.3.6.1.4.1.4203.666.2.13 )",
+ "SYNTAX 1.2.840.113549.1.8.1.1 )",
NULL, 0,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
- offsetof(struct slap_internal_schema, si_ad_x509PrivateKey) },
+ offsetof(struct slap_internal_schema, si_ad_pKCS8PrivateKey) },
{ NULL, NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0 }
};