[openldap/f15] fix: matching wildcard hostnames in certificate Subject field does not work
jvcelak
jvcelak at fedoraproject.org
Wed Aug 24 19:26:32 UTC 2011
commit 7c74d91e0ae2ce827fdacd4071c9b4d3defbdc1c
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Wed Aug 24 19:11:54 2011 +0200
fix: matching wildcard hostnames in certificate Subject field does not work
Resolves: #733073
openldap-nss-wildcards.patch | 17 +++++++++++++++++
openldap.spec | 3 +++
2 files changed, 20 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-wildcards.patch b/openldap-nss-wildcards.patch
new file mode 100644
index 0000000..4d7a266
--- /dev/null
+++ b/openldap-nss-wildcards.patch
@@ -0,0 +1,17 @@
+matching wildcard hostnames in certificate Subject field does not work
+
+Upstream ITS: #7006
+Author: Philippe Kueck <hash_oldap at cycdolphin.net>
+Resolves: #733073
+
+--- openldap-2.4.23.orig/libraries/libldap/tls_m.c 2011-08-01 12:43:59.000000000 +0200
++++ openldap-2.4.23.orig/libraries/libldap/tls_m.c 2011-08-01 13:53:05.000000000 +0200
+@@ -2601,7 +2601,7 @@
+ if ( av->len == nlen && !strncasecmp( name, (char *)av->data, nlen )) {
+ ret = LDAP_SUCCESS;
+ } else if ( av->data[0] == '*' && av->data[1] == '.' &&
+- domain && dlen == av->len - 1 && !strncasecmp( name,
++ domain && dlen == av->len - 1 && !strncasecmp( domain,
+ (char *)(av->data+1), dlen )) {
+ ret = LDAP_SUCCESS;
+ } else {
diff --git a/openldap.spec b/openldap.spec
index 7292303..52f5cba 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -43,6 +43,7 @@ Patch20: openldap-nss-memleak-free-certs.patch
Patch21: openldap-constraint-overlay-config.patch
Patch22: openldap-dds-overlay-tolerance.patch
Patch23: openldap-man-slapo-unique.patch
+Patch24: openldap-nss-wildcards.patch
# patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch
@@ -158,6 +159,7 @@ pushd openldap-%{version}
%patch21 -p1 -b .constraint-overlay-config
%patch22 -p1 -b .dds-overlay-tolerance
%patch23 -p1 -b .man-slapo-unique
+%patch24 -p1 -b .nss-wildcards
cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -707,6 +709,7 @@ exit 0
- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)
- fix: DDS overlay tolerance parametr doesn't function and breakes default TTL (#733069)
- manpage fix: errors in manual page slapo-unique (#733070)
+- fix: matching wildcard hostnames in certificate Subject field does not work (#733073)
* Tue Jun 28 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.24-3
- fix: openldap-servers scriptlets require initscripts package (#716857)
More information about the scm-commits
mailing list