From 32c688fc277292ef000ec087dfb892419a732daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=BA=C5=A1=20Hon=C4=9Bk?=
Date: Fri, 31 Mar 2017 17:08:11 +0200
Subject: [PATCH] NSS: Maximal TLS protocol version should be equal to NSS default
Related: #1435689
---
 openldap-nss-protocol-version-new-api.patch | 4 ++--
 openldap.spec | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/openldap-nss-protocol-version-new-api.patch b/openldap-nss-protocol-version-new-api.patch
index 0ee0ec2..8a5efa7 100644
--- a/openldap-nss-protocol-version-new-api.patch
+++ b/openldap-nss-protocol-version-new-api.patch
@@ -37,9 +37,9 @@ diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
 + default_range.min, default_range.max, 0);
 + }
 + selected_range.min = lt->lt_protocol_min;
-+ selected_range.max = supported_range.max;
++ selected_range.max = default_range.max;
 + Debug( LDAP_DEBUG_ANY,
-+ "TLS: info: TLS configured protocol minimal version is %#04x.\n",
++ "TLS: info: TLS configured protocol minimal version is %#04x, the maximal version (the NSS default) is %#04x.\n",
 + selected_range.min, selected_range.max, 0);
 + if ( (selected_range.min > supported_range.max) ||
 + (selected_range.max < supported_range.min) ) {
diff --git a/openldap.spec b/openldap.spec
index 2a546bd..33833f0 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -5,7 +5,7 @@
 Name: openldap
 Version: 2.4.44
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: LDAP support libraries
 Group: System Environment/Daemons
 License: OpenLDAP
@@ -548,6 +548,9 @@ exit 0
 %{_mandir}/man3/*
 %changelog
+* Fri Mar 31 2017 Matus Honek - 2.4.44-10
+- NSS: Maximal TLS protocol version should be equal to NSS default (#1435689)
+
 * Fri Mar 24 2017 Matus Honek - 2.4.44-9
 - NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS (#1435689)
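Review bot: A configured `lt->lt_protocol_min` above the NSS default maximum now yields an inverted range (min > max) once `selected_range.max = default_range.max` is applied in the first hunk, and the guard at the end of that hunk compares only against `supported_range`, so it does not catch this case. What happens to the range afterwards is outside the hunk; presumably it is handed to NSS, which would reject it, and whether the connection then fails closed or carries on with library defaults (dropping the administrator's minimum) cannot be seen here. I would add `(selected_range.min > selected_range.max) ||` to the condition so the mismatch takes the existing error path with a clear message. The enclosing function starts and ends outside the hunk.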