Jan Vcelak ad070fc
Accept nss certificate name in the form of tokenname:certnickname
Author: Rich Megginson <rmeggins@redhat.com>
Upstream ITS: #7360
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 5022efb..7377bb1 100644
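--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -2102,6 +2102,22 @@ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 	return 0;
 }
 
+/* returns true if the given string looks like 
+   "tokenname" ":" "certnickname"
+   This is true if there is a ':' colon character
+   in the string and the colon is not the first
+   or the last character in the string
+*/
+static int
+tlsm_is_tokenname_certnick( const char *certfile )
+{
+	if ( certfile ) {
+		const char *ptr = PL_strchr( certfile, ':' );
+		return ptr && (ptr != certfile) && (*(ptr+1));
+	}
+	return 0;
+}
+
 static int
 tlsm_deferred_ctx_init( void *arg )
 {
@@ -2268,7 +2284,10 @@ tlsm_deferred_ctx_init( void *arg )
 		} else {
 			char *tmp_certname;
 
-			if (ctx->tc_certdb_slot) {
+			if (tlsm_is_tokenname_certnick(lt->lt_certfile)) {
+				/* assume already in form tokenname:certnickname */
+				tmp_certname = PL_strdup(lt->lt_certfile);
+			} else if (ctx->tc_certdb_slot) {
 				tmp_certname = PR_smprintf(TLSM_CERTDB_DESC_FMT ":%s", ctx->tc_unique, lt->lt_certfile);
 			} else {
 				tmp_certname = PR_smprintf("%s", lt->lt_certfile);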
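Review bot: The new first branch in tlsm_deferred_ctx_init trusts tlsm_is_tokenname_certnick, which only tests for an interior ':' and never checks that the prefix names a token, so any configured certificate name containing a colon now skips the `TLSM_CERTDB_DESC_FMT` prefix and is looked up exactly as written. That changes which token a nickname resolves against, and the helper's comment should say so, e.g. `/* any interior ':' is taken as a token separator; a nickname that itself contains ':' cannot be used unprefixed */`. The copy is also made with `PL_strdup` while the two sibling branches use `PR_smprintf`; unless the release code is known to suit both, `tmp_certname = PR_smprintf("%s", lt->lt_certfile);` keeps all three results under one allocator, and the result should be checked for NULL before use. tlsm_deferred_ctx_init starts and ends outside the hunk, so the later use and release of `tmp_certname` are not visible here.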
-- 
1.7.11.4