[openldap] fix: MozNSS certificate database in SQL format cannot be used
jvcelak
jvcelak at fedoraproject.org
Fri Sep 14 14:17:53 UTC 2012
commit 557bf013065e12f44e30eb4479091b08d86d4594
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Fri Sep 14 16:14:21 2012 +0200
fix: MozNSS certificate database in SQL format cannot be used
Resolves: #857390
openldap-nss-ignore-certdb-sql-prefix.patch | 31 +++++++++++++++++++++++++++
openldap.spec | 3 ++
2 files changed, 34 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-ignore-certdb-sql-prefix.patch b/openldap-nss-ignore-certdb-sql-prefix.patch
new file mode 100644
index 0000000..a96fd36
--- /dev/null
+++ b/openldap-nss-ignore-certdb-sql-prefix.patch
@@ -0,0 +1,31 @@
+MozNSS: ignore certdb 'sql:' prefix when testing existence of the directory
+
+If the certdb uses newer SQL format, the certificate directory name starts with 'sql:'. This prefix has to be ignored
+when testing certificate directory existence.
+
+Author: Jan Vcelak <jvcelak at redhat.com>
+Upstream ITS: #7388
+Resolves: #857390
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 61d71d4..80fa4f1 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -1643,7 +1643,13 @@ tlsm_get_certdb_prefix( const char *certdir, char **realcertdir, char **prefix )
+ return;
+ }
+
+- prc = PR_GetFileInfo( certdir, &prfi );
++ /* ignore sql: prefix if provided */
++ if ( strncmp( "sql:", certdir, 4 ) == 0 ) {
++ prc = PR_GetFileInfo( certdir + 4, &prfi );
++ } else {
++ prc = PR_GetFileInfo( certdir, &prfi );
++ }
++
+ /* if certdir exists (file or directory) then it cannot specify a prefix */
+ if ( prc == PR_SUCCESS ) {
+ return;
+--
+1.7.11.4
+
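Review bot: The existence test added to tlsm_get_certdb_prefix() strips only the `sql:` database-type prefix, so a certdir written with another NSS type prefix such as `dbm:` still reaches PR_GetFileInfo() with the prefix attached and is reported as missing. Judging by the comment on the following line, the code past this hunk presumably then treats the tail of the path as a file-name prefix, which would point NSS at a different directory than the one configured for the TLS certificate store. Normalising the path once covers both prefixes and removes the duplicated call: `const char *path = certdir;`, `if ( strncmp( path, "sql:", 4 ) == 0 || strncmp( path, "dbm:", 4 ) == 0 ) path += 4;`, `prc = PR_GetFileInfo( path, &prfi );`. The function body starts and ends outside the hunk, so the later derivation of realcertdir and prefix should be checked for the same prefix handling.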
diff --git a/openldap.spec b/openldap.spec
index 74776f0..70a742d 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -45,6 +45,7 @@ Patch13: openldap-nss-allow-certname-with-token-name.patch
Patch14: openldap-nss-update-list-of-ciphers.patch
Patch15: openldap-tls-no-reuse-of-tls_session.patch
Patch16: openldap-nss-regex-search-hashed-cacert-dir.patch
+Patch17: openldap-nss-ignore-certdb-sql-prefix.patch
# Fedora specific patches
Patch100: openldap-autoconf-pkgconfig-nss.patch
@@ -163,6 +164,7 @@ ln -s %{_includedir}/nspr4 include/nspr
%patch14 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
%patch101 -p1
@@ -624,6 +626,7 @@ exit 0
- fix: some TLS ciphers cannot be enabled (#852338)
- fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476)
- fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786)
+- fix: MozNSS certificate database in SQL format cannot be used (#857390)
* Mon Aug 20 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-2
- enhancement: TLS, prefer private keys from authenticated slots