rpms
/
openldap
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openldap/openldap-use-cacert-dir-and...

137 lines
4.4 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

TLS_CACERTDIR takes precedence over TLS_CACERTFILE
Resolves: #652304
Upstream ITS: #6704
Author: Rich Megginson (rmeggins@redhat.com)
diff -uNPrp openldap-2.4.23.old/libraries/libldap/tls_m.c openldap-2.4.23.new/libraries/libldap/tls_m.c
--- openldap-2.4.23.old/libraries/libldap/tls_m.c 2010-11-18 11:01:36.129392116 +0100
+++ openldap-2.4.23.new/libraries/libldap/tls_m.c 2010-11-18 11:02:19.466387205 +0100
@@ -1031,6 +1031,7 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx,
}
if ( fi.type != PR_FILE_FILE ) {
+ PR_SetError(PR_IS_DIRECTORY_ERROR, 0);
Debug( LDAP_DEBUG_ANY,
"TLS: error: the certificate file %s is not a file.\n",
filename, 0 ,0 );
@@ -1123,6 +1124,7 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, c
}
if ( fi.type != PR_FILE_FILE ) {
+ PR_SetError(PR_IS_DIRECTORY_ERROR, 0);
Debug( LDAP_DEBUG_ANY,
"TLS: error: the key file %s is not a file.\n",
filename, 0 ,0 );
@@ -1178,69 +1180,91 @@ static int
tlsm_init_ca_certs( tlsm_ctx *ctx, const char *cacertfile, const char *cacertdir )
{
PRBool isca = PR_TRUE;
+ PRStatus status = PR_FAILURE;
+ PRErrorCode errcode = PR_SUCCESS;
if ( cacertfile ) {
int rc = tlsm_add_cert_from_file( ctx, cacertfile, isca );
if ( rc ) {
- return rc;
+ errcode = PR_GetError();
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: %s is not a valid CA certificate file - error %d:%s.\n",
+ cacertfile, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: loaded CA certificate file %s.\n",
+ cacertfile, 0, 0 );
+ status = PR_SUCCESS; /* have at least one good CA - we can proceed */
}
}
if ( cacertdir ) {
PRFileInfo fi;
- PRStatus status;
PRDir *dir;
PRDirEntry *entry;
+ PRStatus fistatus = PR_FAILURE;
memset( &fi, 0, sizeof(fi) );
- status = PR_GetFileInfo( cacertdir, &fi );
- if ( PR_SUCCESS != status) {
- PRErrorCode errcode = PR_GetError();
+ fistatus = PR_GetFileInfo( cacertdir, &fi );
+ if ( PR_SUCCESS != fistatus) {
+ errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
"TLS: could not get info about the CA certificate directory %s - error %d:%s.\n",
cacertdir, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
- return -1;
+ goto done;
}
if ( fi.type != PR_FILE_DIRECTORY ) {
Debug( LDAP_DEBUG_ANY,
"TLS: error: the CA certificate directory %s is not a directory.\n",
cacertdir, 0 ,0 );
- return -1;
+ goto done;
}
dir = PR_OpenDir( cacertdir );
if ( NULL == dir ) {
- PRErrorCode errcode = PR_GetError();
+ errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
"TLS: could not open the CA certificate directory %s - error %d:%s.\n",
cacertdir, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
- return -1;
+ goto done;
}
- status = -1;
do {
entry = PR_ReadDir( dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN );
if ( NULL != entry ) {
char *fullpath = PR_smprintf( "%s/%s", cacertdir, entry->name );
if ( !tlsm_add_cert_from_file( ctx, fullpath, isca ) ) {
- status = 0; /* found at least 1 valid CA file in the dir */
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: loaded CA certificate file %s from CA certificate directory %s.\n",
+ fullpath, cacertdir, 0 );
+ status = PR_SUCCESS; /* found at least 1 valid CA file in the dir */
+ } else {
+ errcode = PR_GetError();
+ Debug( LDAP_DEBUG_TRACE,
+ "TLS: %s is not a valid CA certificate file - error %d:%s.\n",
+ fullpath, errcode,
+ PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
}
PR_smprintf_free( fullpath );
}
} while ( NULL != entry );
PR_CloseDir( dir );
-
- if ( status ) {
- PRErrorCode errcode = PR_GetError();
- Debug( LDAP_DEBUG_ANY,
- "TLS: did not find any valid CA certificate files in the CA certificate directory %s - error %d:%s.\n",
- cacertdir, errcode,
- PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
- return -1;
+ }
+done:
+ if ( status != PR_SUCCESS ) {
+ const char *fmtstr = NULL;
+ if ( cacertfile && cacertdir ) {
+ fmtstr = "TLS: did not find any valid CA certificates in %s or %s\n";
+ } else {
+ fmtstr = "TLS: did not find any valid CA certificates in %s%s\n";
}
+ Debug( LDAP_DEBUG_ANY, fmtstr, cacertdir ? cacertdir : "",
+ cacertfile ? cacertfile : "", 0 );
+ return -1;
}
return 0;
Reference in New Issue View Git Blame Copy Permalink