[openldap/f15] fix: allow unsetting of tls_* syncrepl options

jvcelak jvcelak at fedoraproject.org
Mon Sep 12 17:02:02 UTC 2011


commit 6a75c6ad283f4713d84df93f0e239f21d7f783e3
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Mon Sep 12 18:42:53 2011 +0200

    fix: allow unsetting of tls_* syncrepl options
    
    Resolves: #734187

 openldap-syncrepl-unset-tls-options.patch |   69 +++++++++++++++++++++++++++++
 openldap.spec                             |    3 +
 2 files changed, 72 insertions(+), 0 deletions(-)
---
diff --git a/openldap-syncrepl-unset-tls-options.patch b/openldap-syncrepl-unset-tls-options.patch
new file mode 100644
index 0000000..51836a8
--- /dev/null
+++ b/openldap-syncrepl-unset-tls-options.patch
@@ -0,0 +1,69 @@
+allow unsetting of tls_* syncrepl options
+
+Author: Patrick Monnerat <pm at datasphere.ch>
+Upstream ITS: #7042
+Resolves: #734187
+
+---
+ libraries/libldap/tls2.c |   16 ++++++++--------
+ 1 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index 5c35fb5..4c9eb30 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -731,27 +731,27 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CACERTFILE:
+ 		if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile );
+-		lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_cacertfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CACERTDIR:
+ 		if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir );
+-		lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_cacertdir = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CERTFILE:
+ 		if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile );
+-		lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_certfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_KEYFILE:
+ 		if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile );
+-		lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_keyfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_DHFILE:
+ 		if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
+-		lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_dhfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_CRLFILE:	/* GnuTLS only */
+ 		if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
+-		lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_crlfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 	case LDAP_OPT_X_TLS_REQUIRE_CERT:
+ 		if ( !arg ) return -1;
+@@ -779,7 +779,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ #endif
+ 	case LDAP_OPT_X_TLS_CIPHER_SUITE:
+ 		if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
+-		lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_ciphersuite = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		return 0;
+ 
+ 	case LDAP_OPT_X_TLS_PROTOCOL_MIN:
+@@ -790,7 +790,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+ 		if ( ld != NULL )
+ 			return -1;
+ 		if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile );
+-		lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++		lo->ldo_tls_randfile = (arg && *(char *)arg) ? LDAP_STRDUP( (char *) arg ) : NULL;
+ 		break;
+ 	case LDAP_OPT_X_TLS_NEWCTX:
+ 		if ( !arg ) return -1;
+-- 
+1.7.6.1
+
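Review bot: The rewritten assignments still ignore a failed `LDAP_STRDUP`, so a NULL field can now mean either "unset via NULL or an empty string" or "allocation failed", and both paths return success. For `ldo_tls_ciphersuite` and `ldo_tls_crlfile` in particular, that would presumably leave later connections on library defaults without the caller noticing, which fails open on a TLS restriction. A check after each assignment, e.g. `if ( arg && *(char *)arg && !lo->ldo_tls_ciphersuite ) return -1;`, would surface it; the same applies to all eight cases touched in the embedded tls2.c hunks. A short comment such as `/* NULL or "" unsets the option */` on the first case would also document the new empty-string semantics. `ldap_pvt_tls_set_option` begins and ends outside these hunks, so how callers handle a -1 return is not visible here.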
diff --git a/openldap.spec b/openldap.spec
index ad02234..1b6defc 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -49,6 +49,7 @@ Patch26: openldap-sasl-gssapi-options.patch
 Patch27: openldap-nss-can-ignore-expired-issuer.patch
 Patch28: openldap-sql-datatypes.patch
 Patch29: openldap-nss-handshake-threadsafe.patch
+Patch30: openldap-syncrepl-unset-tls-options.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -170,6 +171,7 @@ pushd openldap-%{version}
 %patch27 -p1 -b .nss-can-ignore-expired-issuer
 %patch28 -p1 -b .sql-datatypes
 %patch29 -p1 -b .nss-handshake-threadsafe
+%patch30 -p1 -b .syncrepl-unset-tls-options
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -713,6 +715,7 @@ exit 0
 %changelog
 * Mon Sep 12 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.24-5
 - fix: SSL_ForceHandshake function is not thread safe (#701678)
+- fix: allow unsetting of tls_* syncrepl options (#734187)
 
 * Wed Aug 24 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.24-4
 - fix: NSS_Init* functions are not thread safe (#731112)

