[openldap/f15] fix: matching wildcard hostnames in certificate Subject field does not work

jvcelak jvcelak at fedoraproject.org
Wed Aug 24 19:26:32 UTC 2011


commit 7c74d91e0ae2ce827fdacd4071c9b4d3defbdc1c
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Wed Aug 24 19:11:54 2011 +0200

    fix: matching wildcard hostnames in certificate Subject field does not work
    
    Resolves: #733073

 openldap-nss-wildcards.patch |   17 +++++++++++++++++
 openldap.spec                |    3 +++
 2 files changed, 20 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-wildcards.patch b/openldap-nss-wildcards.patch
new file mode 100644
index 0000000..4d7a266
--- /dev/null
+++ b/openldap-nss-wildcards.patch
@@ -0,0 +1,17 @@
+matching wildcard hostnames in certificate Subject field does not work
+
+Upstream ITS: #7006
+Author: Philippe Kueck <hash_oldap at cycdolphin.net>
+Resolves: #733073
+
+--- openldap-2.4.23.orig/libraries/libldap/tls_m.c	2011-08-01 12:43:59.000000000 +0200
++++ openldap-2.4.23.orig/libraries/libldap/tls_m.c	2011-08-01 13:53:05.000000000 +0200
+@@ -2601,7 +2601,7 @@ 
+ 				if ( av->len == nlen && !strncasecmp( name, (char *)av->data, nlen )) {
+ 					ret = LDAP_SUCCESS;
+ 				} else if ( av->data[0] == '*' && av->data[1] == '.' &&
+-					domain && dlen == av->len - 1 && !strncasecmp( name,
++					domain && dlen == av->len - 1 && !strncasecmp( domain,
+ 						(char *)(av->data+1), dlen )) {
+ 					ret = LDAP_SUCCESS;
+ 				} else {
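Review bot: In the wildcard branch of the embedded tls_m.c hunk, `av->data[0]` and `av->data[1]` are read before any length test, so a decoded Subject value shorter than two bytes would be read past its end unless `av->len` is validated outside the lines shown. Testing the length first closes that: `} else if ( av->len >= 2 && av->data[0] == '*' && av->data[1] == '.' &&`. Separately, assuming `domain` points at the first dot of the requested name, the branch accepts any `*.` pattern whose remainder equals it, including a remainder of a single label. A short comment stating the accepted wildcard form (leftmost label only, and whether a minimum number of labels is required) would make the policy reviewable. The enclosing function begins and ends outside the hunk, so how `domain` and `dlen` are derived is not visible here.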
diff --git a/openldap.spec b/openldap.spec
index 7292303..52f5cba 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -43,6 +43,7 @@ Patch20: openldap-nss-memleak-free-certs.patch
 Patch21: openldap-constraint-overlay-config.patch
 Patch22: openldap-dds-overlay-tolerance.patch
 Patch23: openldap-man-slapo-unique.patch
+Patch24: openldap-nss-wildcards.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -158,6 +159,7 @@ pushd openldap-%{version}
 %patch21 -p1 -b .constraint-overlay-config
 %patch22 -p1 -b .dds-overlay-tolerance
 %patch23 -p1 -b .man-slapo-unique
+%patch24 -p1 -b .nss-wildcards
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -707,6 +709,7 @@ exit 0
 - fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
 - fix: DDS overlay tolerance parametr doesn't function and breakes default TTL (#733069)
 - manpage fix: errors in manual page slapo-unique (#733070)
+- fix: matching wildcard hostnames in certificate Subject field does not work (#733073)
 
 * Tue Jun 28 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.24-3
 - fix: openldap-servers scriptlets require initscripts package (#716857)

