fix: some server certificates refused with inadequate type error
Resolves: #668899
parent
660d07ac75
commit
4afcb000ed
@ -1,12 +1,12 @@
|
|||||||
openldap does not trust certs with Basic Constraint ext. with CA == FALSE
|
openldap does not trust certs with Basic Constraint ext. with CA == FALSE
|
||||||
|
|
||||||
Resolves: #657984
|
Resolves: #657984, #668899
|
||||||
Upstream: ITS #6742
|
Upstream: ITS #6742, #6791
|
||||||
Author: Rich Megginson <rmeggins@redhat.com>
|
Author: Rich Megginson <rmeggins@redhat.com>
|
||||||
|
|
||||||
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/libldap/tls_m.c
|
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/libldap/tls_m.c
|
||||||
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:24:54.401170400 +0100
|
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:06:56.461937417 +0100
|
||||||
+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:40:21.180097089 +0100
|
+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:07:58.494922870 +0100
|
||||||
@@ -63,6 +63,7 @@
|
@@ -63,6 +63,7 @@
|
||||||
#include <nss/secerr.h>
|
#include <nss/secerr.h>
|
||||||
#include <nss/keyhi.h>
|
#include <nss/keyhi.h>
|
||||||
@ -65,7 +65,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
|
|||||||
+
|
+
|
||||||
+static SECStatus
|
+static SECStatus
|
||||||
+tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
|
+tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
|
||||||
+ PRBool checksig, SECCertUsage certUsage, int errorToIgnore )
|
+ PRBool checksig, SECCertificateUsage certUsage, int errorToIgnore )
|
||||||
+{
|
+{
|
||||||
+ CERTVerifyLog verifylog;
|
+ CERTVerifyLog verifylog;
|
||||||
+ SECStatus ret = SECSuccess;
|
+ SECStatus ret = SECSuccess;
|
||||||
@ -159,7 +159,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
|
|||||||
+tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
|
+tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
|
||||||
+ PRBool checksig, PRBool isServer)
|
+ PRBool checksig, PRBool isServer)
|
||||||
+{
|
+{
|
||||||
+ SECCertUsage certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
|
+ SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
|
||||||
+ SECStatus ret = SECSuccess;
|
+ SECStatus ret = SECSuccess;
|
||||||
+
|
+
|
||||||
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
|
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
|
||||||
|
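Review bot: In `tlsm_verify_cert` and `tlsm_auth_cert_handler` the usage argument changes from the `SECCertUsage` enum to the `SECCertificateUsage` bit-flag type, and C will not diagnose a caller that still passes an old `certUsage*` enumerator, so any call site outside these hunks that was not converted would silently verify the peer for a different usage than intended. Because the old enumerators are small ordinals and the new constants are flag bits, it is worth searching tls_m.c for remaining `certUsageSSL` uses and confirming that the verification call inside `tlsm_verify_cert` is the one that takes `SECCertificateUsage`; both function bodies continue outside the visible lines. A short comment above the ternary would also help the next reader, e.g. `/* a server checks the peer as an SSL client; a client checks it as an SSL server */`. Separately, `SSL_PeerCertificate( fd )` is passed inline, so the reference it returns can only be released, and a NULL result handled, inside `tlsm_verify_cert`, which is not visible here.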