diff --git a/openldap-nss-certs-from-certdb-fallback-pem.patch b/openldap-nss-certs-from-certdb-fallback-pem.patch index 6a81d94..d58b76a 100644 --- a/openldap-nss-certs-from-certdb-fallback-pem.patch +++ b/openldap-nss-certs-from-certdb-fallback-pem.patch @@ -11,12 +11,8 @@ Author: Jan Vcelak Upstream ITS: #7389 Resolves: #857455 ---- - libraries/libldap/tls_m.c | 33 ++++++++++++++++++++------------- - 1 file changed, 20 insertions(+), 13 deletions(-) - diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c -index 61d71d4..49a3f8f 100644 +index 61d71d4..f15f0bc 100644 --- a/libraries/libldap/tls_m.c +++ b/libraries/libldap/tls_m.c @@ -1412,7 +1412,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx ) @@ -56,16 +52,23 @@ index 61d71d4..49a3f8f 100644 char *tmp_certname; if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) { -@@ -2382,9 +2374,24 @@ tlsm_deferred_ctx_init( void *arg ) +@@ -2382,8 +2374,31 @@ tlsm_deferred_ctx_init( void *arg ) Debug( LDAP_DEBUG_ANY, "TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n", lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); -- return -1; - } - } ++ } ++ } + + /* fallback to PEM module (lt_certfile is filename) */ -+ if ( !ctx->tc_certificate && pem_module ) { ++ if ( !ctx->tc_certificate ) { ++ if ( !pem_module && tlsm_init_pem_module() ) { ++ int pem_errcode = PORT_GetError(); ++ Debug( LDAP_DEBUG_ANY, ++ "TLS: fallback to PEM impossible, module cannot be loaded - error %d:%s.\n", ++ pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 ); + return -1; + } ++ + /* this sets ctx->tc_certificate to the correct value */ + if ( !tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ) ) { + ctx->tc_using_pem = PR_TRUE; @@ -78,10 +81,9 @@ index 61d71d4..49a3f8f 100644 + ctx->tc_using_pem ? "PEM file" : "moznss database", 0); + } else { + return -1; -+ } + } } - if ( lt->lt_keyfile ) { -- 1.7.11.7 
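Review bot: In the revised tlsm_deferred_ctx_init hunk, a `lt_certfile` value that is not found in the certificate database is now retried as a file name, so one setting can resolve either to a database nickname or to a PEM file on disk, and the log should make clear which happened. The existing `TLS: error: the certificate '%s' could not be found in the database` message is still emitted at LDAP_DEBUG_ANY just before a fallback that may succeed, which reads as a hard failure during triage. Consider rewording it along the lines of `"TLS: certificate '%s' not found in the database, trying it as a PEM file - error %d:%s.\n"`. The `else { return -1; }` after `tlsm_add_cert_from_file` returns with no message of its own in the visible lines, so a Debug line naming the file that failed to load would help unless that helper already logs; it is defined outside this hunk. The function starts and ends outside the hunk, so the nickname check that precedes this branch could not be reviewed.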
diff --git a/openldap.spec b/openldap.spec
index 2975b8e..2344d51 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -8,7 +8,7 @@
 Name: openldap
 Version: 2.4.33
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
 License: OpenLDAP
@@ -620,6 +620,9 @@ exit 0
 %{evolution_connector_prefix}/
 %changelog
+* Wed Oct 31 2012 Jan Vcelak 2.4.33-3
+- fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455)
+
 * Fri Oct 12 2012 Jan Vcelak 2.4.33-2
 - fix: slapd with rwm overlay segfault following ldapmodify (#865685)