fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR

Resolves: #857455
This commit is contained in:
Jan Vcelak 2012-10-31 12:50:15 +01:00
parent 17508fb68c
commit 4b460cc8c8
2 changed files with 18 additions and 13 deletions


@ -11,12 +11,8 @@ Author: Jan Vcelak <jvcelak@redhat.com>
Upstream ITS: #7389 Upstream ITS: #7389
Resolves: #857455 Resolves: #857455
---
libraries/libldap/tls_m.c | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 61d71d4..49a3f8f 100644 index 61d71d4..f15f0bc 100644
--- a/libraries/libldap/tls_m.c --- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c +++ b/libraries/libldap/tls_m.c
@@ -1412,7 +1412,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx ) @@ -1412,7 +1412,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx )
@ -56,16 +52,23 @@ index 61d71d4..49a3f8f 100644
char *tmp_certname; char *tmp_certname;
if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) { if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
@@ -2382,9 +2374,24 @@ tlsm_deferred_ctx_init( void *arg ) @@ -2382,8 +2374,31 @@ tlsm_deferred_ctx_init( void *arg )
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n", "TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n",
lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
- return -1; + }
} + }
}
+ +
+ /* fallback to PEM module (lt_certfile is filename) */ + /* fallback to PEM module (lt_certfile is filename) */
+ if ( !ctx->tc_certificate && pem_module ) { + if ( !ctx->tc_certificate ) {
+ if ( !pem_module && tlsm_init_pem_module() ) {
+ int pem_errcode = PORT_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: fallback to PEM impossible, module cannot be loaded - error %d:%s.\n",
+ pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
return -1;
}
+
+ /* this sets ctx->tc_certificate to the correct value */ + /* this sets ctx->tc_certificate to the correct value */
+ if ( !tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ) ) { + if ( !tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ) ) {
+ ctx->tc_using_pem = PR_TRUE; + ctx->tc_using_pem = PR_TRUE;
@ -78,10 +81,9 @@ index 61d71d4..49a3f8f 100644
+ ctx->tc_using_pem ? "PEM file" : "moznss database", 0); + ctx->tc_using_pem ? "PEM file" : "moznss database", 0);
+ } else { + } else {
+ return -1; + return -1;
+ } }
} }
if ( lt->lt_keyfile ) {
-- --
1.7.11.7 1.7.11.7
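Review bot: On the new side the NSS lookup failure is still logged at LDAP_DEBUG_ANY as `TLS: error: the certificate '%s' could not be found in the database` and execution then continues into the PEM fallback, so a configuration that the PEM path serves correctly records a spurious error on every context init; since the not-found case is now an expected step, reword it, e.g. `"TLS: certificate '%s' not found in the database, trying PEM file - error %d:%s.\n"`, and leave the hard error to the branch where the fallback itself fails. The new pem-module branch reads `PORT_GetError()` after `tlsm_init_pem_module()` returns, which is only accurate if that helper makes no further NSPR/NSS calls after the failing one; the hunk does not show the helper, so this is worth confirming. It likewise assumes a nonzero return from `tlsm_init_pem_module()` means failure and that success leaves `pem_module` set for the following `tlsm_add_cert_from_file` call — presumably its contract, but not visible here. The enclosing `tlsm_deferred_ctx_init` starts and ends outside the hunk.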


@ -8,7 +8,7 @@
Name: openldap Name: openldap
Version: 2.4.33 Version: 2.4.33
Release: 2%{?dist} Release: 3%{?dist}
Summary: LDAP support libraries Summary: LDAP support libraries
Group: System Environment/Daemons Group: System Environment/Daemons
License: OpenLDAP License: OpenLDAP
@ -620,6 +620,9 @@ exit 0
%{evolution_connector_prefix}/ %{evolution_connector_prefix}/
%changelog %changelog
* Wed Oct 31 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-3
- fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455)
* Fri Oct 12 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-2 * Fri Oct 12 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-2
- fix: slapd with rwm overlay segfault following ldapmodify (#865685) - fix: slapd with rwm overlay segfault following ldapmodify (#865685)