From 3e083e8b93705601c981134b0489853848bde674 Mon Sep 17 00:00:00 2001
From: Jan Vcelak
Date: Wed, 24 Aug 2011 19:11:54 +0200
Subject: [PATCH] fix: matching wildcard hostnames in certificate Subject field does not work
Resolves: #733073
---
 openldap-nss-wildcards.patch | 17 +++++++++++++++++
 openldap.spec | 3 +++
 2 files changed, 20 insertions(+)
 create mode 100644 openldap-nss-wildcards.patch
diff --git a/openldap-nss-wildcards.patch b/openldap-nss-wildcards.patch
new file mode 100644
index 0000000..4d7a266
--- /dev/null
+++ b/openldap-nss-wildcards.patch
@@ -0,0 +1,17 @@
+matching wildcard hostnames in certificate Subject field does not work
+
+Upstream ITS: #7006
+Author: Philippe Kueck
+Resolves: #733073
+
+--- openldap-2.4.23.orig/libraries/libldap/tls_m.c 2011-08-01 12:43:59.000000000 +0200
++++ openldap-2.4.23.orig/libraries/libldap/tls_m.c 2011-08-01 13:53:05.000000000 +0200
+@@ -2601,7 +2601,7 @@
+ if ( av->len == nlen && !strncasecmp( name, (char *)av->data, nlen )) {
+ ret = LDAP_SUCCESS;
+ } else if ( av->data[0] == '*' && av->data[1] == '.' &&
+- domain && dlen == av->len - 1 && !strncasecmp( name,
++ domain && dlen == av->len - 1 && !strncasecmp( domain,
+ (char *)(av->data+1), dlen )) {
+ ret = LDAP_SUCCESS;
+ } else {
diff --git a/openldap.spec b/openldap.spec
index 298634d..dd1d3f3 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -37,6 +37,7 @@ Patch11: openldap-nss-memleak-free-certs.patch
 Patch12: openldap-constraint-overlay-config.patch
 Patch13: openldap-dds-overlay-tolerance.patch
 Patch14: openldap-man-slapo-unique.patch
+Patch15: openldap-nss-wildcards.patch
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -144,6 +145,7 @@ pushd openldap-%{version}
 %patch12 -p1 -b .constraint-overlay-config
 %patch13 -p1 -b .dds-overlay-tolerance
 %patch14 -p1 -b .man-slapo-unique
+%patch15 -p1 -b .nss-wildcards
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
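Review bot: In the embedded tls_m.c hunk of openldap-nss-wildcards.patch, the wildcard branch reads `av->data[0]` and `av->data[1]` with no visible check that `av->len` is at least 2, and the comparison that follows depends on `dlen == av->len - 1`. Unless a length guard exists above the hunk, a value shorter than two bytes (presumably the peer certificate's CN) would be read past its end, so the condition should begin with the length test: `} else if ( av->len > 1 && av->data[0] == '*' && av->data[1] == '.' &&`. `domain` and `dlen` are computed outside the hunk, so it is worth confirming there that `domain` starts at the first dot of the hostname, since that is what limits the wildcard to a single left-most label now that the comparison actually succeeds. The enclosing function starts and ends outside the hunk.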
@@ -675,6 +677,7 @@ exit 0
 - fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
 - fix: DDS overlay tolerance parametr doesn't function and breakes default TTL (#733069)
 - manpage fix: errors in manual page slapo-unique (#733070)
+- fix: matching wildcard hostnames in certificate Subject field does not work (#733073)
 * Sun Aug 14 2011 Rex Dieter - 2.4.26-1.1
 - Rebuilt for rpm (#728707)