[openldap] fix: default cipher suite is always selected
jvcelak
jvcelak at fedoraproject.org
Wed Jun 27 12:11:01 UTC 2012
commit 397ce0c9467664fe17f94502b98323f974b768e6
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Wed Jun 27 14:10:28 2012 +0200
fix: default cipher suite is always selected
Resolves: #828790
...-nss-default-cipher-suite-always-selected.patch | 34 ++++++++++++++++++++
openldap.spec | 3 ++
2 files changed, 37 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-default-cipher-suite-always-selected.patch b/openldap-nss-default-cipher-suite-always-selected.patch
new file mode 100644
index 0000000..10c3523
--- /dev/null
+++ b/openldap-nss-default-cipher-suite-always-selected.patch
@@ -0,0 +1,34 @@
+MozNSS: default cipher suite always selected
+
+Author: Tim Strobell <tim.strobell.ctr at nrl.navy.mil>
+Upstream ITS: #7285
+Upstream commit: 2c2bb2e7aee1b2167f383a8344985a1cf66aff3f
+Resolves: #828790
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 23d843c..b608551 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -2218,12 +2218,13 @@ tlsm_deferred_ctx_init( void *arg )
+ return -1;
+ }
+
+- if ( lt->lt_ciphersuite &&
+- tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
+- Debug( LDAP_DEBUG_ANY,
+- "TLS: could not set cipher list %s.\n",
+- lt->lt_ciphersuite, 0, 0 );
+- return -1;
++ if ( lt->lt_ciphersuite ) {
++ if ( tlsm_parse_ciphers( ctx, lt->lt_ciphersuite ) ) {
++ Debug( LDAP_DEBUG_ANY,
++ "TLS: could not set cipher list %s.\n",
++ lt->lt_ciphersuite, 0, 0 );
++ return -1;
++ }
+ } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set cipher list DEFAULT.\n",
+--
+1.7.10.4
+
diff --git a/openldap.spec b/openldap.spec
index a6d638b..e7fff04 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -44,6 +44,7 @@ Patch12: openldap-tls-unbind-shutdown-order.patch
Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch
Patch14: openldap-nss-clean-memory-for-token-pin.patch
Patch15: openldap-cve-nss-cipher-suite-ignored.patch
+Patch16: openldap-nss-default-cipher-suite-always-selected.patch
# Fedora specific patches
Patch100: openldap-fedora-systemd.patch
@@ -155,6 +156,7 @@ pushd openldap-%{version}
%patch13 -p1
%patch14 -p1
%patch15 -p1
+%patch16 -p1
%patch100 -p1
@@ -673,6 +675,7 @@ exit 0
- fix: reading pin from file can make all TLS connections hang (#829317)
- CVE-2012-2668: cipher suite selection by name can be ignored (#825875)
- fix: slapd fails to start on reboot (#829272)
+- fix: default cipher suite is always selected (#828790)
* Fri May 18 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-2
- fix: nss-tools package is required by the base package, not the server subpackage
More information about the scm-commits
mailing list