NSS: Use what NSS considers default for DEFAULT cipher string.

Related: #1387868
Matúš Honěk 2017-01-26 14:48:50 +01:00
parent da1f719199
commit 22dbdbf78a
2 changed files with 33 additions and 1 deletions


@ -0,0 +1,27 @@
Use what NSS considers default for DEFAULT cipher string.
Author: Matus Honek <mhonek@redhat.com>
Resolves: #1387868
Backports: #1245279 #1300701
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -645,7 +645,16 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
}
} else if (!strcmp(cipher, "DEFAULT")) {
for (i=0; i<ciphernum; i++) {
- cipher_list[i] = ciphers_def[i].enabled == SSL_ALLOWED ? 1 : 0;
+ PRBool enabled;
+ if (SSL_CipherPrefGetDefault(ciphers_def[i].num, &enabled) == SECSuccess) {
+ if (!(ciphers_def[i].attr & SSL_eNULL)) {
+ cipher_list[i] = enabled == SSL_ALLOWED ? 1 : 0;
+ } else {
+ cipher_list[i] = -1;
+ }
+ } else {
+ cipher_list[i] = -1;
+ }
}
} else {
int mask = 0;
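Review bot: In the DEFAULT branch, `enabled` is a PRBool filled in by SSL_CipherPrefGetDefault(), yet it is compared against the policy constant SSL_ALLOWED; that relies on the two having the same numeric value, and `cipher_list[i] = enabled ? 1 : 0;` states the intent directly. The two `-1` assignments also need a comment, for example `/* -1: keep NULL-encryption suites, and suites NSS cannot report on, out of DEFAULT */`, because this hunk does not show how -1 differs from 0 for later keywords in the cipher string. Presumably -1 prevents a later keyword from re-enabling the suite; confirm that against the rest of nss_parse_ciphers, which starts and ends outside the hunk. A failed SSL_CipherPrefGetDefault() lookup is silent here, so a debug message naming the suite would help when a handshake later fails for lack of a common cipher.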


@ -5,7 +5,7 @@
Name: openldap
Version: 2.4.44
Release: 5%{?dist}
Release: 6%{?dist}
Summary: LDAP support libraries
Group: System Environment/Daemons
License: OpenLDAP
@ -50,6 +50,7 @@ Patch22: openldap-nss-protocol-version-new-api.patch
Patch50: openldap-nss-cipher-attributes.patch
Patch51: openldap-nss-ciphers-parsing.patch
Patch52: openldap-nss-ciphers-use-nss-defaults.patch
# check-password module specific patches
Patch90: check-password-makefile.patch
@ -157,6 +158,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch50 -p1
%patch51 -p1
%patch52 -p1
# build smbk5pwd with other overlays
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@ -549,6 +551,9 @@ exit 0
%{_mandir}/man3/*
%changelog
* Mon Jan 30 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-6
- NSS: Use what NSS considers default for DEFAULT cipher string (#1387868)
* Thu Jan 26 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-5
- NSS: fix: incorrect multi-keyword parsing and support new ones (#1243517)