fix: some server certificates refused with inadequate type error
Resolves: #668899
parent
660d07ac75
commit
4afcb000ed
@ -1,12 +1,12 @@
|
||||
openldap does not trust certs with Basic Constraint ext. with CA == FALSE
|
||||
|
||||
Resolves: #657984
|
||||
Upstream: ITS #6742
|
||||
Resolves: #657984, #668899
|
||||
Upstream: ITS #6742, #6791
|
||||
Author: Rich Megginson <rmeggins@redhat.com>
|
||||
|
||||
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/libldap/tls_m.c
|
||||
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:24:54.401170400 +0100
|
||||
+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:40:21.180097089 +0100
|
||||
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:06:56.461937417 +0100
|
||||
+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:07:58.494922870 +0100
|
||||
@@ -63,6 +63,7 @@
|
||||
#include <nss/secerr.h>
|
||||
#include <nss/keyhi.h>
|
||||
@ -65,7 +65,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
|
||||
+
|
||||
+static SECStatus
|
||||
+tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
|
||||
+ PRBool checksig, SECCertUsage certUsage, int errorToIgnore )
|
||||
+ PRBool checksig, SECCertificateUsage certUsage, int errorToIgnore )
|
||||
+{
|
||||
+ CERTVerifyLog verifylog;
|
||||
+ SECStatus ret = SECSuccess;
|
||||
@ -159,7 +159,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
|
||||
+tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
|
||||
+ PRBool checksig, PRBool isServer)
|
||||
+{
|
||||
+ SECCertUsage certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
|
||||
+ SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
|
||||
+ SECStatus ret = SECSuccess;
|
||||
+
|
||||
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
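Review bot: The new initialiser `certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer` in tlsm_auth_cert_handler reads as inverted unless the reader knows the usage names the peer's certificate, so it deserves a comment such as `/* usage describes the peer's cert: a server validates a client cert, a client validates a server cert */`. SECCertUsage is an enum and SECCertificateUsage an integer bitmask, and C converts between them silently, which is presumably how the wrong usage value reached verification before this change; a one-line comment on the `certUsage` parameter of tlsm_verify_cert saying it is the bitmask form would help keep the two from being mixed again. Both function bodies continue outside the visible hunks, so how `errorToIgnore` is applied against `verifylog` cannot be checked here; it is worth confirming that only that single error is skipped and that any other logged failure still rejects the peer.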
|
||||
|