From 54acca337fa2e38b9e872ac07be1e9c2236ad910 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=BA=C5=A1=20Hon=C4=9Bk?= Date: Wed, 28 Feb 2018 19:21:31 +0100 Subject: [PATCH] MozNSS Compat. Layer: CA certs extraction fail should be fatal Resolves: #1550110 --- openldap-tlsmc.patch | 5 +++-- openldap.spec | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/openldap-tlsmc.patch b/openldap-tlsmc.patch index b498a41..405e54f 100644 --- a/openldap-tlsmc.patch +++ b/openldap-tlsmc.patch @@ -1,7 +1,7 @@ MozNSS Interception Code Author: Matus Honek -Date: Wed Jan 31 22:08:28 CET 2018 +Date: Wed Feb 21 20:04:11 CET 2018 diff --git a/configure.in b/configure.in --- a/configure.in +++ b/configure.in @@ -283,7 +283,7 @@ diff --git a/libraries/libldap/tls_mc.c b/libraries/libldap/tls_mc.c new file mode 100644 --- /dev/null +++ b/libraries/libldap/tls_mc.c -@@ -0,0 +1,1345 @@ +@@ -0,0 +1,1346 @@ +#include "portable.h" + +#ifdef HAVE_MOZNSS_COMPATIBILITY @@ -1375,6 +1375,7 @@ new file mode 100644 + Debug( LDAP_DEBUG_ANY, + "tlsmc_extract_nssdb: ERROR: could not export CA certificates.\n", + 0, 0, 0 ); ++ goto bail; + } + + if ( 0 == tlsmc_extract_cert_key_pair( *ld_cert, *ld_key, dir_name ) ) { diff --git a/openldap.spec b/openldap.spec index e56ccad..72dcf28 100644 --- a/openldap.spec +++ b/openldap.spec @@ -12,7 +12,7 @@ Name: openldap Version: 2.4.45 -Release: 11%{?dist} +Release: 12%{?dist} Summary: LDAP support libraries License: OpenLDAP URL: http://www.openldap.org/ @@ -512,6 +512,9 @@ exit 0 %{_mandir}/man3/* %changelog +* Wed Feb 28 2018 Matus Honek - 2.4.45-12 +- MozNSS Compat. Layer: fix: libldap tlsmc continues even after it fails to extract CA certificates (#1550110) + * Wed Feb 21 2018 Matus Honek - 2.4.45-11 - TLS: Use system trusted CA store by default (#1270678, #1537259)