Sisyphus repository
ALT repositories
S:2.6.4-alt1
5.1: 2.3.43-alt2.3
4.1: 2.3.41-alt3.M41.3
4.0: 2.3.35-alt1.M40.1
3.0: 2.2.27-alt1.1
www.altlinux.org/Changes

Group :: System/Servers
Package: openldap


Patch: openldap-2.4.31-rh-nss-allow-ca-dbdir-pemfile.patch


MozNSS: allow CA certdb together with PEM CA bundle file
Prior to this patch, if TLS_CACERTDIR was set to Mozilla NSS certificate
database and TLS_CACERT was set to a PEM bundle file with CA
certificates, the PEM file content was not loaded.
With this patch and the same settings, OpenLDAP can verify certificates
which are signed by CAs stored both in certdb and PEM bundle file.
Author: Jan Vcelak <jvcelak@redhat.com>
Resolves: #819536
Upstream ITS: #7276
---
 libraries/libldap/tls_m.c |   16 +++++++++++++---
 1 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 50c03dd..23d843c 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1683,18 +1683,28 @@ tlsm_deferred_init( void *arg )
 			ctx->tc_initctx = initctx;
 #endif
 
+		}
+
+		if ( errcode || lt->lt_cacertfile ) {
 			/* initialize the PEM module */
 			LDAP_MUTEX_LOCK( &tlsm_init_mutex );
 			if ( tlsm_init_pem_module() ) {
 				LDAP_MUTEX_UNLOCK( &tlsm_init_mutex );
-				errcode = PORT_GetError();
+				int pem_errcode = PORT_GetError();
 				Debug( LDAP_DEBUG_ANY,
 					   "TLS: could not initialize moznss PEM module - error %d:%s.\n",
-					   errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
-				return -1;
+					   pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
+
+				if ( errcode ) /* PEM is required */
+					return -1;
+
+			} else if ( !errcode ) {
+				tlsm_init_ca_certs( ctx, lt->lt_cacertfile, NULL );
 			}
 			LDAP_MUTEX_UNLOCK( &tlsm_init_mutex );
+		}
 
+		if ( errcode ) {
 			if ( tlsm_init_ca_certs( ctx, lt->lt_cacertfile, lt->lt_cacertdir ) ) {
 				/* if we tried to use lt->lt_cacertdir as an NSS key/cert db, errcode 
 				   will be a value other than 1 - print an error message so that the
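Review bot: In the `tlsm_init_pem_module()` failure branch the mutex is released as the first statement, and when `errcode` is 0 the branch no longer returns, so control falls through to the second `LDAP_MUTEX_UNLOCK( &tlsm_init_mutex )` after the if/else and the mutex is unlocked twice. Remove the unlock at the top of the failure branch and release the mutex once per exit path (immediately before `return -1`, and once after the if/else). Separately, the return value of `tlsm_init_ca_certs( ctx, lt->lt_cacertfile, NULL )` is discarded, so a PEM bundle that fails to load leaves the context with only the certdb CAs and nothing in the log; check the result and at least emit a `Debug` message naming `lt->lt_cacertfile`. Minor: `int pem_errcode` is declared after a statement in the block; move the declaration to the top of the block if the file is meant to stay C89-clean.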
-- 
1.7.7.6
 