Red Hat Bugzilla – Attachment 612876 Details for Bug 857455: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
jvcelak-20120914-moznss-load-certs-from-certdb-fallback-to-pem.patch (text/plain), 2.93 KB, created by Jan Vcelak on 2012-09-14 13:33:34 UTC
>From 7cddb5b2725828920a72522f9fabe4bd37989763 Mon Sep 17 00:00:00 2001 >From: Jan Vcelak <jvcelak@redhat.com> >Date: Fri, 14 Sep 2012 14:24:29 +0200 >Subject: [PATCH] MozNSS: load certificates from certdb, fallback to PEM > >If TLS_CACERT pointed to a PEM file and TLS_CACERTDIR was set to NSS >certificate database, the backend assumed that the certificate is always >located in the certificate database. This assumption might be wrong. > >This patch makes the library to try to load the certificate from NSS >database and fallback to PEM file if unsuccessfull. >--- > libraries/libldap/tls_m.c | 33 ++++++++++++++++++++------------- > 1 file changed, 20 insertions(+), 13 deletions(-) > >diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c >index 1422ce2..2ca89e9 100644 >--- a/libraries/libldap/tls_m.c >+++ b/libraries/libldap/tls_m.c >@@ -1343,7 +1343,7 @@ tlsm_ctx_load_private_key( tlsm_ctx *ctx ) > /* prefer unlocked key, then key from opened certdb, then any other */ > if ( unlocked_key ) > ctx->tc_private_key = unlocked_key; >- else if ( ctx->tc_certdb_slot ) >+ else if ( ctx->tc_certdb_slot && !ctx->tc_using_pem ) > ctx->tc_private_key = PK11_FindKeyByDERCert( ctx->tc_certdb_slot, ctx->tc_certificate, pin_arg ); > else > ctx->tc_private_key = PK11_FindKeyByAnyCert( ctx->tc_certificate, pin_arg ); >@@ -1819,8 +1819,6 @@ tlsm_deferred_init( void *arg ) > } > return -1; > } >- >- ctx->tc_using_pem = PR_TRUE; > } > > NSS_SetDomesticPolicy(); 
>@@ -2273,15 +2271,9 @@ tlsm_deferred_ctx_init( void *arg ) > > /* set up our cert and key, if any */ > if ( lt->lt_certfile ) { >- /* if using the PEM module, load the PEM file specified by lt_certfile */ >- /* otherwise, assume this is the name of a cert already in the db */ >- if ( ctx->tc_using_pem ) { >- /* this sets ctx->tc_certificate to the correct value */ >- int rc = tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ); >- if ( rc ) { >- return rc; >- } >- } else { >+ >+ /* first search in certdb (lt_certfile is nickname) */ >+ if ( ctx->tc_certdb ) { > char *tmp_certname; > > if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) { >@@ -2301,9 +2293,24 @@ tlsm_deferred_ctx_init( void *arg ) > Debug( LDAP_DEBUG_ANY, > "TLS: error: the certificate '%s' could not be found in the database - error %d:%s.\n", > lt->lt_certfile, errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) ); >- return -1; > } > } >+ >+ /* fallback to PEM module (lt_certfile is filename) */ >+ if ( !ctx->tc_certificate && pem_module ) { >+ /* this sets ctx->tc_certificate to the correct value */ >+ if ( !tlsm_add_cert_from_file( ctx, lt->lt_certfile, PR_FALSE ) ) { >+ ctx->tc_using_pem = PR_TRUE; >+ } >+ } >+ >+ if ( ctx->tc_certificate ) { >+ Debug( LDAP_DEBUG_ANY, >+ "TLS: certificate '%s' successfully loaded from %s.\n", lt->lt_certfile, >+ ctx->tc_using_pem ? "PEM file" : "moznss database", 0); >+ } else { >+ return -1; >+ } > } > > if ( lt->lt_keyfile ) { >-- >1.7.11.4 >
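Review bot: in the `@@ -1343,7 +1343,7 @@` hunk (tlsm_ctx_load_private_key), the comment `/* prefer unlocked key, then key from opened certdb, then any other */` no longer matches the branch under it, because the certdb lookup is now skipped whenever `ctx->tc_using_pem` is set. Please extend the comment to say that a certificate loaded from a PEM file goes directly to `PK11_FindKeyByAnyCert`, and why looking for its key in `ctx->tc_certdb_slot` would be wrong.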
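Review bot: in the `@@ -1819,8 +1819,6 @@` hunk (tlsm_deferred_init), deleting `ctx->tc_using_pem = PR_TRUE;` silently changes what the flag means. It was set during deferred init, and the comment removed later in this patch read it as "if using the PEM module"; after the patch it is set only once `tlsm_add_cert_from_file` has succeeded for `lt->lt_certfile`. Any reader of `tc_using_pem` outside the lines shown here now sees PR_FALSE until that point, so please audit the remaining uses in tls_m.c and document the new meaning where the field is declared, or rename it to something like a "certificate came from PEM" flag.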
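Review bot: in the `@@ -2273,15 +2271,9 @@` hunk (tlsm_deferred_ctx_init), the same `lt->lt_certfile` string is now tried as a certdb nickname first and as a filename only if that lookup fails, so which certificate is used depends on what the database contains and not only on the configuration value. The new code comments state the order, but it should also be stated in the user-facing documentation for this setting. The commit message describes the problem in terms of TLS_CACERT, while the hunks shown change how `lt->lt_certfile` is loaded; please clarify in the message which setting the fix covers. Minor style point: the added empty `+` line directly after `if ( lt->lt_certfile ) {` can be dropped.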
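Review bot: in the `@@ -2301,9 +2293,24 @@` hunk, removing `return -1;` after the "could not be found in the database" Debug call leaves that message in place as a "TLS: error" at LDAP_DEBUG_ANY even when the PEM fallback below then succeeds, so a working configuration logs an error followed by the new "successfully loaded" line. Suggest rewording the first message as a notice that the PEM fallback will be tried, and logging the actual error in the final `else { return -1; }` branch, which currently returns without reporting that both lookups failed. Note also that the return code of `tlsm_add_cert_from_file` is now discarded, where the removed code propagated it with `return rc;`.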