rpms
/
openldap
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reference default system-wide CA certificates in manpages 

Resolves: #1611591
This commit is contained in:
Matúš Honěk 2018-12-17 16:46:54 +01:00
parent b325dd4ca4
commit b1a8b7f70f
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
openldap-openssl-manpage-defaultCA.patch Normal file
View File

@ -0,0 +1,48 @@
Reference default system-wide CA certificates in manpages
OpenSSL, unless explicitly configured, uses system-wide default set of CA
certificates.
Author: Matus Honek <mhonek@redhat.com>
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -307,6 +307,9 @@ are more options you can specify. These options are used when an
.B ldaps:// URI
is selected (by default or otherwise) or when the application
negotiates TLS by issuing the LDAP StartTLS operation.
+.LP
+When using OpenSSL, if neither \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
+is set, the system-wide default set of CA certificates is used.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -801,6 +801,10 @@ If
.B slapd
is built with support for Transport Layer Security, there are more options
you can specify.
+.LP
+When using OpenSSL, if neither \fBolcTLSCACertificateFile\fP nor
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
.TP
.B olcTLSCipherSuite: <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1032,6 +1032,10 @@ If
.B slapd
is built with support for Transport Layer Security, there are more options
you can specify.
+.LP
+When using OpenSSL, if neither \fBTLSCACertificateFile\fP nor
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
.TP
.B TLSCipherSuite <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.

7
openldap.spec
View File

@ -5,7 +5,7 @@
Name: openldap
Version: 2.4.46
Release: 9%{?dist}
Release: 10%{?dist}
Summary: LDAP support libraries
License: OpenLDAP
URL: http://www.openldap.org/
@ -37,6 +37,7 @@ Patch20: openldap-ldapi-sasl.patch
Patch21: openldap-openssl-allow-ssl3.patch
Patch22: openldap-openssl-ITS7595-Add-EC-support-1.patch
Patch23: openldap-openssl-ITS7595-Add-EC-support-2.patch
Patch24: openldap-openssl-manpage-defaultCA.patch
# check-password module specific patches
Patch90: check-password-makefile.patch
@ -116,6 +117,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
# build smbk5pwd with other overlays
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@ -485,6 +487,9 @@ exit 0
%{_mandir}/man3/*
%changelog
* Mon Dec 17 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-10
- Reference default system-wide CA certificates in manpages (#1611591)
* Mon Oct 08 2018 Matus Honek <mhonek@redhat.com> - 2.4.46-9
- Backport upstream fixes for ITS 7595 - add OpenSSL EC support (#1623495)