MozNSS Compat. Layer: CA certs extraction fail should be fatal

Resolves: #1550110

openldap-tlsmc.patch

@@ -1,7 +1,7 @@
 MozNSS Interception Code
 
 Author: Matus Honek <mhonek@redhat.com>
-Date: Wed Jan 31 22:08:28 CET 2018
+Date: Wed Feb 21 20:04:11 CET 2018
 diff --git a/configure.in b/configure.in
 --- a/configure.in
 +++ b/configure.in
@@ -283,7 +283,7 @@ diff --git a/libraries/libldap/tls_mc.c b/libraries/libldap/tls_mc.c
 new file mode 100644
 --- /dev/null
 +++ b/libraries/libldap/tls_mc.c
-@@ -0,0 +1,1345 @@
+@@ -0,0 +1,1346 @@
 +#include "portable.h"
 +
 +#ifdef HAVE_MOZNSS_COMPATIBILITY
@@ -1375,6 +1375,7 @@ new file mode 100644
 +		Debug( LDAP_DEBUG_ANY,
 +		       "tlsmc_extract_nssdb: ERROR: could not export CA certificates.\n",
 +		       0, 0, 0 );
++		goto bail;
 +	}
 +
 +	if ( 0 == tlsmc_extract_cert_key_pair( *ld_cert, *ld_key, dir_name ) ) {

openldap.spec

@@ -12,7 +12,7 @@
 
 Name: openldap
 Version: 2.4.45
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: LDAP support libraries
 License: OpenLDAP
 URL: http://www.openldap.org/
@@ -512,6 +512,9 @@ exit 0
 %{_mandir}/man3/*
 
 %changelog
+* Wed Feb 28 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-12
+- MozNSS Compat. Layer: fix: libldap tlsmc continues even after it fails to extract CA certificates (#1550110)
+
 * Wed Feb 21 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-11
 - TLS: Use system trusted CA store by default (#1270678, #1537259)