fix: default cipher suite is always selected

Resolves: #828790
Jan Vcelak 2012-06-27 14:10:28 +02:00
parent 916cbca281
commit 397ce0c946
2 changed files with 37 additions and 0 deletions


@ -0,0 +1,34 @@
MozNSS: default cipher suite always selected
Author: Tim Strobell <tim.strobell.ctr@nrl.navy.mil>
Upstream ITS: #7285
Upstream commit: 2c2bb2e7aee1b2167f383a8344985a1cf66aff3f
Resolves: #828790
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 23d843c..b608551 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -2218,12 +2218,13 @@ tlsm_deferred_ctx_init( void *arg )
return -1;
}
- if ( lt->lt_ciphersuite &&
- tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: could not set cipher list %s.\n",
- lt->lt_ciphersuite, 0, 0 );
- return -1;
+ if ( lt->lt_ciphersuite ) {
+ if ( tlsm_parse_ciphers( ctx, lt->lt_ciphersuite ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set cipher list %s.\n",
+ lt->lt_ciphersuite, 0, 0 );
+ return -1;
+ }
} else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
Debug( LDAP_DEBUG_ANY,
"TLS: could not set cipher list DEFAULT.\n",
--
1.7.10.4
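Review bot: The new nested `if ( lt->lt_ciphersuite )` block in tlsm_deferred_ctx_init has no comment saying why the parse call must not share a condition with the null check. A later cleanup could fold it back into `&&`, and a successfully parsed, configured cipher list would again fall through to the `"DEFAULT"` branch and be replaced. I would add above it `/* Fall back to DEFAULT only when no cipher suite is configured; a successful parse of lt_ciphersuite must not reach the else branch. */`. Because the failure mode is silent and may leave a broader cipher set enabled than the configuration asked for, a regression test that sets a restrictive suite and checks the negotiated cipher would be worth having; none is visible in this patch. The function starts and ends outside the hunk.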


@ -44,6 +44,7 @@ Patch12: openldap-tls-unbind-shutdown-order.patch
Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch
Patch14: openldap-nss-clean-memory-for-token-pin.patch
Patch15: openldap-cve-nss-cipher-suite-ignored.patch
Patch16: openldap-nss-default-cipher-suite-always-selected.patch
# Fedora specific patches
Patch100: openldap-fedora-systemd.patch
@ -155,6 +156,7 @@ pushd openldap-%{version}
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch100 -p1
@ -673,6 +675,7 @@ exit 0
- fix: reading pin from file can make all TLS connections hang (#829317)
- CVE-2012-2668: cipher suite selection by name can be ignored (#825875)
- fix: slapd fails to start on reboot (#829272)
- fix: default cipher suite is always selected (#828790)
* Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
- fix: nss-tools package is required by the base package, not the server subpackage