fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
Resolves: #857455
parent
17508fb68c
commit
4b460cc8c8
@ -11,12 +11,8 @@ Author: Jan Vcelak <jvcelak@redhat.com>
|
|||||||
Upstream ITS: #7389
|
Upstream ITS: #7389
|
||||||
Resolves: #857455
|
Resolves: #857455
|
||||||
|
|
||||||
---
|
|
||||||
libraries/libldap/tls_m.c | 33 ++++++++++++++++++++-------------
|
|
||||||
1 file changed, 20 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
||||||
index 61d71d4..49a3f8f 100644
|
index 61d71d4..f15f0bc 100644
|
||||||
--- a/libraries/libldap/tls_m.c
|
--- a/libraries/libldap/tls_m.c
|
||||||
+++ b/libraries/libldap/tls_m.c
|
+++ b/libraries/libldap/tls_m.c
|
||||||
@@ -1412,7 +1412,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx )
|
@@ -1412,7 +1412,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx )
|
||||||
@ -56,16 +52,23 @@ index 61d71d4..49a3f8f 100644
|
|||||||
char *tmp_certname;
|
char *tmp_certname;
|
||||||
|
|
||||||
if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
|
if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
|
||||||
@@ -2382,9 +2374,24 @@ tlsm_deferred_ctx_init( void *arg )
|
@@ -2382,8 +2374,31 @@ tlsm_deferred_ctx_init( void *arg )
|
||||||
Debug( LDAP_DEBUG_ANY,
|
Debug( LDAP_DEBUG_ANY,
|
||||||
"TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n",
|
"TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n",
|
||||||
lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
|
lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
|
||||||
- return -1;
|
+ }
|
||||||
}
|
+ }
|
||||||
}
|
|
||||||
+
|
+
|
||||||
+ /* fallback to PEM module (lt_certfile is filename) */
|
+ /* fallback to PEM module (lt_certfile is filename) */
|
||||||
+ if ( !ctx->tc_certificate && pem_module ) {
|
+ if ( !ctx->tc_certificate ) {
|
||||||
|
+ if ( !pem_module && tlsm_init_pem_module() ) {
|
||||||
|
+ int pem_errcode = PORT_GetError();
|
||||||
|
+ Debug( LDAP_DEBUG_ANY,
|
||||||
|
+ "TLS: fallback to PEM impossible, module cannot be loaded - error %d:%s.\n",
|
||||||
|
+ pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
+
|
||||||
+ /* this sets ctx->tc_certificate to the correct value */
|
+ /* this sets ctx->tc_certificate to the correct value */
|
||||||
+ if ( !tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ) ) {
|
+ if ( !tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ) ) {
|
||||||
+ ctx->tc_using_pem = PR_TRUE;
|
+ ctx->tc_using_pem = PR_TRUE;
|
||||||
@ -78,10 +81,9 @@ index 61d71d4..49a3f8f 100644
|
|||||||
+ ctx->tc_using_pem ? "PEM file" : "moznss database", 0);
|
+ ctx->tc_using_pem ? "PEM file" : "moznss database", 0);
|
||||||
+ } else {
|
+ } else {
|
||||||
+ return -1;
|
+ return -1;
|
||||||
+ }
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( lt->lt_keyfile ) {
|
|
||||||
--
|
--
|
||||||
1.7.11.7
|
1.7.11.7
|
||||||
|
|
||||||
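Review bot: In tlsm_deferred_ctx_init the failed database lookup is still logged at LDAP_DEBUG_ANY as `TLS: error: the certificate '%s' could not be found in the database`, yet on the new side control falls through to the PEM fallback, so a successful load appears to leave an error line in the log just before the success message. That misleads anyone triaging TLS failures; the text could state what happens next, e.g. `"TLS: certificate '%s' not found in the database, trying PEM file - error %d:%s.\n"`. Because the same configured string is now tried first as a database nickname and then as a file name, the comment could be extended to `/* fallback to PEM module: lt_certfile was not found as a nickname, so treat it as a file name */`, which makes the lookup order clear to whoever audits which certificate the process presents. The function starts and ends outside the hunk and part of the success path is elided between hunks, so this rests on the visible lines only.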
|
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: 2.4.33
|
Version: 2.4.33
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: LDAP support libraries
|
Summary: LDAP support libraries
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
@ -620,6 +620,9 @@ exit 0
|
|||||||
%{evolution_connector_prefix}/
|
%{evolution_connector_prefix}/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 31 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-3
|
||||||
|
- fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455)
|
||||||
|
|
||||||
* Fri Oct 12 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-2
|
* Fri Oct 12 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.33-2
|
||||||
- fix: slapd with rwm overlay segfault following ldapmodify (#865685)
|
- fix: slapd with rwm overlay segfault following ldapmodify (#865685)
|
||||||
|
|
||||||
|