fix: slapd segfaults when PEM certificate is used and key is not set

Resolves: #772890

openldap-nss-segfault-key-not-set.patch

@@ -0,0 +1,22 @@
+MozNSS + PEM: fix segfault when TLS certificate key is not set
+
+Upstream ITS: #7135
+Upstream commit: 1107103dd7e767db9c080b3276cb6e742fcf36a1
+Resolves: #772890
+Author: Jan Vcelak <jvcelak@redhat.com>
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 09348b7..da230c5 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -2267,8 +2267,8 @@ tlsm_deferred_ctx_init( void *arg )
+ 		}
+ 	} else { /* set up secure server */
+ 		SSLKEAType certKEA;
+-		CERTCertificate *serverCert;
+-		SECKEYPrivateKey *serverKey;
++		CERTCertificate *serverCert = NULL;
++		SECKEYPrivateKey *serverKey = NULL;
+ 		SECStatus status;
+ 
+ 		/* must have a certificate for the server to use */

openldap.spec

@@ -34,6 +34,7 @@ Patch6: openldap-userconfig-setgid.patch
 Patch7: openldap-dns-priority.patch
 Patch8: openldap-syncrepl-unset-tls-options.patch
 Patch9: openldap-nss-deferred-init-copy-params.patch
+Patch10: openldap-nss-segfault-key-not-set.patch
 
 # Fedora specific patches
 Patch100: openldap-fedora-systemd.patch
@@ -136,6 +137,7 @@ pushd openldap-%{version}
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %patch100 -p1
 
@@ -653,6 +655,7 @@ exit 0
 %changelog
 * Tue Jan 31 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.28-3
 - fix: replication (syncrepl) with TLS causes segfault (#783431)
+- fix: slapd segfaults when PEM certificate is used and key is not set (#772890)
 
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.28-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild