ad070fca8d
Resolves TLS failures in replication in 389 Directory Server introduced by recent Mozilla NSS backend fixes.
48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
Accept nss certificate name in the form of tokenname:certnickname
|
|
|
|
Author: Rich Megginson <rmeggins@redhat.com>
|
|
Upstream ITS: #7360
|
|
|
|
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|
index 5022efb..7377bb1 100644
|
|
--- a/libraries/libldap/tls_m.c
|
|
+++ b/libraries/libldap/tls_m.c
|
|
@@ -2102,6 +2102,22 @@ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
|
return 0;
|
|
}
|
|
|
|
+/* returns true if the given string looks like
|
|
+ "tokenname" ":" "certnickname"
|
|
+ This is true if there is a ':' colon character
|
|
+ in the string and the colon is not the first
|
|
+ or the last character in the string
|
|
+*/
|
|
+static int
|
|
+tlsm_is_tokenname_certnick( const char *certfile )
|
|
+{
|
|
+ if ( certfile ) {
|
|
+ const char *ptr = PL_strchr( certfile, ':' );
|
|
+ return ptr && (ptr != certfile) && (*(ptr+1));
|
|
+ }
|
|
+ return 0;
|
|
+}
|
|
+
|
|
static int
|
|
tlsm_deferred_ctx_init( void *arg )
|
|
{
|
|
@@ -2268,7 +2284,10 @@ tlsm_deferred_ctx_init( void *arg )
|
|
} else {
|
|
char *tmp_certname;
|
|
|
|
- if (ctx->tc_certdb_slot) {
|
|
+ if (tlsm_is_tokenname_certnick(lt->lt_certfile)) {
|
|
+ /* assume already in form tokenname:certnickname */
|
|
+ tmp_certname = PL_strdup(lt->lt_certfile);
|
|
+ } else if (ctx->tc_certdb_slot) {
|
|
tmp_certname = PR_smprintf(TLSM_CERTDB_DESC_FMT ":%s", ctx->tc_unique, lt->lt_certfile);
|
|
} else {
|
|
tmp_certname = PR_smprintf("%s", lt->lt_certfile);
|
|
--
|
|
1.7.11.4
|
|
|