[openldap] fix: some server certificates refused with inadequate type error
jvcelak
jvcelak at fedoraproject.org
Thu Jan 20 16:40:41 UTC 2011
commit 4afcb000ed094cbf0eaeaad40537cc1b2373e450
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Thu Jan 20 16:19:39 2011 +0100
fix: some server certificates refused with inadequate type error
Resolves: #668899
openldap-verify-self-issued-certs.patch | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/openldap-verify-self-issued-certs.patch b/openldap-verify-self-issued-certs.patch
index a40abf6..4995b4c 100644
--- a/openldap-verify-self-issued-certs.patch
+++ b/openldap-verify-self-issued-certs.patch
@@ -1,12 +1,12 @@
openldap does not trust certs with Basic Constraint ext. with CA == FALSE
-Resolves: #657984
-Upstream: ITS #6742
+Resolves: #657984, #668899
+Upstream: ITS #6742, #6791
Author: Rich Megginson <rmeggins at redhat.com>
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/libldap/tls_m.c
---- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:24:54.401170400 +0100
-+++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-06 20:40:21.180097089 +0100
+--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:06:56.461937417 +0100
++++ openldap-2.4.23/libraries/libldap/tls_m.c 2011-01-20 16:07:58.494922870 +0100
@@ -63,6 +63,7 @@
#include <nss/secerr.h>
#include <nss/keyhi.h>
@@ -65,7 +65,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
+
+static SECStatus
+tlsm_verify_cert(CERTCertDBHandle *handle, CERTCertificate *cert, void *pinarg,
-+ PRBool checksig, SECCertUsage certUsage, int errorToIgnore )
++ PRBool checksig, SECCertificateUsage certUsage, int errorToIgnore )
+{
+ CERTVerifyLog verifylog;
+ SECStatus ret = SECSuccess;
@@ -159,7 +159,7 @@ diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23/libraries/
+tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
+ PRBool checksig, PRBool isServer)
+{
-+ SECCertUsage certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
++ SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
+ SECStatus ret = SECSuccess;
+
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
More information about the scm-commits
mailing list