From 557bf013065e12f44e30eb4479091b08d86d4594 Mon Sep 17 00:00:00 2001
From: Jan Vcelak
Date: Fri, 14 Sep 2012 16:14:21 +0200
Subject: [PATCH] fix: MozNSS certificate database in SQL format cannot be used

Resolves: #857390
---
 openldap-nss-ignore-certdb-sql-prefix.patch | 31 +++++++++++++++++++++
 openldap.spec | 3 ++
 2 files changed, 34 insertions(+)
 create mode 100644 openldap-nss-ignore-certdb-sql-prefix.patch

diff --git a/openldap-nss-ignore-certdb-sql-prefix.patch b/openldap-nss-ignore-certdb-sql-prefix.patch
new file mode 100644
index 0000000..a96fd36
--- /dev/null
+++ b/openldap-nss-ignore-certdb-sql-prefix.patch
@@ -0,0 +1,31 @@
+MozNSS: ignore certdb 'sql:' prefix when testing existence of the directory
+
+If the certdb uses newer SQL format, the certificate directory name starts with 'sql:'. This prefix has to be ignored
+when testing certificate directory existence.
+
+Author: Jan Vcelak
+Upstream ITS: #7388
+Resolves: #857390
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 61d71d4..80fa4f1 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -1643,7 +1643,13 @@ tlsm_get_certdb_prefix( const char *certdir, char **realcertdir, char **prefix )
+ return;
+ }
+
+- prc = PR_GetFileInfo( certdir, &prfi );
++ /* ignore sql: prefix if provided */
++ if ( strncmp( "sql:", certdir, 4 ) == 0 ) {
++ prc = PR_GetFileInfo( certdir + 4, &prfi );
++ } else {
++ prc = PR_GetFileInfo( certdir, &prfi );
++ }
++
+ /* if certdir exists (file or directory) then it cannot specify a prefix */
+ if ( prc == PR_SUCCESS ) {
+ return;
+--
+1.7.11.4
+
diff --git a/openldap.spec b/openldap.spec
index 74776f0..70a742d 100644
--- a/openldap.spec
+++ b/openldap.spec
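Review bot: The added branch in tlsm_get_certdb_prefix() strips only the literal `sql:` before the PR_GetFileInfo() existence test, so a certdir written with any other NSS database-type prefix (for example `dbm:`) would still fail the test and fall through to whatever follows the early return. Resolving the path once into a local, `const char *path = ( strncmp( certdir, "sql:", 4 ) == 0 ) ? certdir + 4 : certdir;` followed by a single `prc = PR_GetFileInfo( path, &prfi );`, removes the duplicated call and leaves one place to add further prefixes. The function continues outside the hunk, so it cannot be confirmed from here whether the later code that fills realcertdir and prefix copes with a leading `sql:`. A test with an `sql:` certdir that also carries a file-name prefix would show whether the intended certificate database is the one actually opened.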
@@ -45,6 +45,7 @@ Patch13: openldap-nss-allow-certname-with-token-name.patch
 Patch14: openldap-nss-update-list-of-ciphers.patch
 Patch15: openldap-tls-no-reuse-of-tls_session.patch
 Patch16: openldap-nss-regex-search-hashed-cacert-dir.patch
+Patch17: openldap-nss-ignore-certdb-sql-prefix.patch
 
 # Fedora specific patches
 Patch100: openldap-autoconf-pkgconfig-nss.patch
@@ -163,6 +164,7 @@ ln -s %{_includedir}/nspr4 include/nspr
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 
 %patch101 -p1
 
@@ -624,6 +626,7 @@ exit 0
 - fix: some TLS ciphers cannot be enabled (#852338)
 - fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476)
 - fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786)
+- fix: MozNSS certificate database in SQL format cannot be used (#857390)
 
 * Mon Aug 20 2012 Jan Vcelak 2.4.32-2
 - enhancement: TLS, prefer private keys from authenticated slots