fix: MozNSS certificate database in SQL format cannot be used

Resolves: #857390
Jan Vcelak 2012-09-14 16:14:21 +02:00
parent 060a306e1e
commit 557bf01306
2 changed files with 34 additions and 0 deletions


@ -0,0 +1,31 @@
MozNSS: ignore certdb 'sql:' prefix when testing existence of the directory
If the certdb uses newer SQL format, the certificate directory name starts with 'sql:'. This prefix has to be ignored
when testing certificate directory existence.
Author: Jan Vcelak <jvcelak@redhat.com>
Upstream ITS: #7388
Resolves: #857390
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 61d71d4..80fa4f1 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1643,7 +1643,13 @@ tlsm_get_certdb_prefix( const char *certdir, char **realcertdir, char **prefix )
return;
}
- prc = PR_GetFileInfo( certdir, &prfi );
+ /* ignore sql: prefix if provided */
+ if ( strncmp( "sql:", certdir, 4 ) == 0 ) {
+ prc = PR_GetFileInfo( certdir + 4, &prfi );
+ } else {
+ prc = PR_GetFileInfo( certdir, &prfi );
+ }
+
/* if certdir exists (file or directory) then it cannot specify a prefix */
if ( prc == PR_SUCCESS ) {
return;
--
1.7.11.4
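
Review bot: In the new `sql:` branch of tlsm_get_certdb_prefix, the PR_GetFileInfo call is duplicated in both arms and the length 4 is hard-coded separately from the literal it measures. Consider resolving the path once, e.g. `const char *path = certdir; if ( strncmp( certdir, "sql:", 4 ) == 0 ) path += 4;` followed by a single `prc = PR_GetFileInfo( path, &prfi );`. Two further points to confirm: NSS also accepts other database type prefixes such as `dbm:`, which would still fail this existence test, and the hunk only shows the early-return case, so it is not visible here whether the code reached when the stat fails copes with a certdir that still carries `sql:`.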


@ -45,6 +45,7 @@ Patch13: openldap-nss-allow-certname-with-token-name.patch
Patch14: openldap-nss-update-list-of-ciphers.patch
Patch15: openldap-tls-no-reuse-of-tls_session.patch
Patch16: openldap-nss-regex-search-hashed-cacert-dir.patch
Patch17: openldap-nss-ignore-certdb-sql-prefix.patch
# Fedora specific patches
Patch100: openldap-autoconf-pkgconfig-nss.patch
@ -163,6 +164,7 @@ ln -s %{_includedir}/nspr4 include/nspr
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch101 -p1
@ -624,6 +626,7 @@ exit 0
- fix: some TLS ciphers cannot be enabled (#852338)
- fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476)
- fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786)
- fix: MozNSS certificate database in SQL format cannot be used (#857390)
* Mon Aug 20 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.32-2
- enhancement: TLS, prefer private keys from authenticated slots
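
Review bot: The new changelog line for #857390 is appended to an existing stanza whose header is outside this hunk, and the commit reports 0 deletions, so no Release tag was changed here. Please confirm the stanza it joins belongs to a build that has not shipped yet; otherwise the entry will describe a package that does not contain Patch17 and a release bump with its own stanza is needed.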