fix: some server certificates refused with inadequate type error

Resolves: #668899
Jan Vcelak 2011-01-20 16:19:39 +01:00
parent 660d07ac75
commit 4afcb000ed


@ -1,12 +1,12 @@
openldap does not trust certs with Basic Constraint ext. with CA == FALSE
Resolves: #657984
Upstream: ITS #6742
Resolves: #657984, #668899
Upstream: ITS #6742, #6791
Author: Rich Megginson <rmeggins@redhat.com>
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/libldap/tls_m.c
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:24:54.401170400 +0100
+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:40:21.180097089 +0100
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:06:56.461937417 +0100
+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:07:58.494922870 +0100
@@ -63,6 +63,7 @@
#include <nss/secerr.h>
#include <nss/keyhi.h>
@ -65,7 +65,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
+
+static SECStatus
+tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
+ PRBool checksig, SECCertUsage certUsage, int errorToIgnore )
+ PRBool checksig, SECCertificateUsage certUsage, int errorToIgnore )
+{
+ CERTVerifyLog verifylog;
+ SECStatus ret = SECSuccess;
@ -159,7 +159,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
+tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
+ PRBool checksig, PRBool isServer)
+{
+ SECCertUsage certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+ SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
+ SECStatus ret = SECSuccess;
+
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
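Review bot: In the `@ -159,7` hunk, `SSL_PeerCertificate( fd )` is passed straight into `tlsm_verify_cert`, so the certificate reference it returns is never released with `CERT_DestroyCertificate` and one reference stays held for every handshake that reaches this handler. Holding it in a local, `CERTCertificate *peercert = SSL_PeerCertificate( fd );`, and calling `CERT_DestroyCertificate( peercert );` after the verify call would release it. A NULL return should also be rejected before verification, unless `tlsm_verify_cert` already handles that, which the hunk does not show. The ternary that picks `certUsage` looks inverted at first read and would benefit from a comment such as `/* a server verifies its peer as an SSL client, a client verifies its peer as an SSL server */`. The call and the rest of `tlsm_auth_cert_handler` continue outside the hunk.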