Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
openldap2.16177
0012-use-system-wide-cert-dir-by-default.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0012-use-system-wide-cert-dir-by-default.patch of Package openldap2.16177
The TLS configuration deliberately hid the error in case that user specified CA locations cannot be read, by loading CAs from default locations; and when user does not specify CA locations, the CAs from default locations are not read at all. This patch corrects the behaviour so that CAs from default location are used if user does not specify a CA location, and user is informed of the error if CAs cannot be loaded from the user specified location. Howard Guo <hguo@suse.com> 2016-11-10 diff -rupN openldap-2.4.41/libraries/libldap/tls_o.c openldap-2.4.41-patched/libraries/libldap/tls_o.c --- openldap-2.4.41/libraries/libldap/tls_o.c 2017-06-02 13:37:16.367651148 +0200 +++ openldap-2.4.41-patched/libraries/libldap/tls_o.c 2017-06-02 13:45:10.989891025 +0200 @@ -253,16 +253,17 @@ tlso_ctx_init( struct ldapoptions *lo, s return -1; } - if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) { + if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL ) { + if ( !SSL_CTX_set_default_verify_paths( ctx ) ) { + Debug( LDAP_DEBUG_ANY, "TLS: " + "could not use default certificate paths", 0, 0, 0 ); + tlso_report_error(); + return -1; + } + } else { if ( !SSL_CTX_load_verify_locations( ctx, - lt->lt_cacertfile, lt->lt_cacertdir ) || - !SSL_CTX_set_default_verify_paths( ctx ) ) + lt->lt_cacertfile, lt->lt_cacertdir ) ) { - Debug( LDAP_DEBUG_ANY, "TLS: " - "could not load verify locations (file:`%s',dir:`%s').\n", - lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "", - lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "", - 0 ); tlso_report_error(); return -1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor