fix: MozNSS certificate database in SQL format cannot be used
Resolves: #857390
		
							parent
							
								
									060a306e1e
								
							
						
					
					
						commit
						557bf01306
					
				
							
								
								
									
										31
									
								
								openldap-nss-ignore-certdb-sql-prefix.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										31
									
								
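--- a/openldap-nss-ignore-certdb-sql-prefix.patch
+++ b/openldap-nss-ignore-certdb-sql-prefix.patch
@@ -0,0 +1,31 @@
+MozNSS: ignore certdb 'sql:' prefix when testing existence of the directory
+
+If the certdb uses newer SQL format, the certificate directory name starts with 'sql:'. This prefix has to be ignored
+when testing certificate directory existence.
+
+Author: Jan Vcelak <jvcelak@redhat.com>
+Upstream ITS: #7388
+Resolves: #857390
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 61d71d4..80fa4f1 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -1643,7 +1643,13 @@ tlsm_get_certdb_prefix( const char *certdir, char **realcertdir, char **prefix )
+ 		return;
+ 	}
+ 
+-	prc = PR_GetFileInfo( certdir, &prfi );
++	/* ignore sql: prefix if provided */
++	if ( strncmp( "sql:", certdir, 4 ) == 0 ) {
++		prc = PR_GetFileInfo( certdir + 4, &prfi );
++	} else {
++		prc = PR_GetFileInfo( certdir, &prfi );
++	}
++
+ 	/* if certdir exists (file or directory) then it cannot specify a prefix */
+ 	if ( prc == PR_SUCCESS ) {
+ 		return;
+-- 
+1.7.11.4
+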
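Review bot: The new existence check in tlsm_get_certdb_prefix strips only the `sql:` type prefix, so a certdir written as `dbm:/path` (NSS also accepts that database-type prefix) still reaches PR_GetFileInfo verbatim and fails the check. It would then presumably fall into the prefix-splitting code below, which lies outside this hunk and cannot be checked from here. Because this check decides which certificate database the TLS layer ends up opening, the prefix handling is better done once on a local pointer, with the offset derived from the literal instead of the repeated `4`: `const char *path = certdir;` then `if ( strncmp( certdir, "sql:", sizeof("sql:") - 1 ) == 0 ) path += sizeof("sql:") - 1;` and a single `prc = PR_GetFileInfo( path, &prfi );`. The comment could also say why the prefix is skipped, e.g. `/* NSS db-type prefix is not part of the filesystem path */`.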
| @ -45,6 +45,7 @@ Patch13: openldap-nss-allow-certname-with-token-name.patch | |||||||
| Patch14: openldap-nss-update-list-of-ciphers.patch | Patch14: openldap-nss-update-list-of-ciphers.patch | ||||||
| Patch15: openldap-tls-no-reuse-of-tls_session.patch | Patch15: openldap-tls-no-reuse-of-tls_session.patch | ||||||
| Patch16: openldap-nss-regex-search-hashed-cacert-dir.patch | Patch16: openldap-nss-regex-search-hashed-cacert-dir.patch | ||||||
|  | Patch17: openldap-nss-ignore-certdb-sql-prefix.patch | ||||||
| 
 | 
 | ||||||
| # Fedora specific patches | # Fedora specific patches | ||||||
| Patch100: openldap-autoconf-pkgconfig-nss.patch | Patch100: openldap-autoconf-pkgconfig-nss.patch | ||||||
| @ -163,6 +164,7 @@ ln -s %{_includedir}/nspr4 include/nspr | |||||||
| %patch14 -p1 | %patch14 -p1 | ||||||
| %patch15 -p1 | %patch15 -p1 | ||||||
| %patch16 -p1 | %patch16 -p1 | ||||||
|  | %patch17 -p1 | ||||||
| 
 | 
 | ||||||
| %patch101 -p1 | %patch101 -p1 | ||||||
| 
 | 
 | ||||||
| @ -624,6 +626,7 @@ exit 0 | |||||||
| - fix: some TLS ciphers cannot be enabled (#852338) | - fix: some TLS ciphers cannot be enabled (#852338) | ||||||
| - fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476) | - fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476) | ||||||
| - fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786) | - fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786) | ||||||
|  | - fix: MozNSS certificate database in SQL format cannot be used (#857390) | ||||||
| 
 | 
 | ||||||
| * Mon Aug 20 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.32-2 | * Mon Aug 20 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.32-2 | ||||||
| - enhancement: TLS, prefer private keys from authenticated slots | - enhancement: TLS, prefer private keys from authenticated slots | ||||||
|  | |||||||