mhonek / rpms / openldap

Forked from rpms/openldap 3 years ago
Clone
Source Code
GIT

Files

FC-4-split f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f7 f8 f9 libldap-test master private-moznss-f17
  1.   f15
  2.   openldap-nss-can-ignore-expired-issuer.patch
Blob Blame History Raw 
MozNSS: when cert not required, ignore issuer expiration
    
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.

Author: Jan Vcelak <jvcelak@redhat.com>
Upstream ITS: #6998
Upstream commit: e8ac17e17c831ed44174a22c1cb2a8dc39fcb976
Resolves: #722961

diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 32af7ec..7ae7d82 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -671,6 +671,7 @@ tlsm_bad_cert_handler(void *arg, PRFileDesc *ssl)
 	case SEC_ERROR_UNTRUSTED_ISSUER:
 	case SEC_ERROR_UNKNOWN_ISSUER:
 	case SEC_ERROR_EXPIRED_CERTIFICATE:
+	case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
 		if (ctx->tc_verify_cert) {
 			success = SECFailure;
 		}
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.