If CERT_CompareRDN finds an attribute type in the first RDN that is not also present in the second RDN, it returns SECEqual, which signifies that the two names matched. This bug was introduced in rev 1.21 of secname.c, which was a fix for Bug 210584. It affects only the trunk. One-line patch forthcoming.
Created attachment 297850 [details] [diff] [review] patch v1 This should fix it. Julien, please review.
Correction: The checkin comment was wrong. The bug introduced in rev 1.21 was a consequence of a fix for bug 372242.
Checking in lib/certdb/secname.c; new revision: 1.23; previous revision: 1.22