Bug 652304

Summary: TLS_CACERTDIR takes precedence over TLS_CACERT
Product: [Fedora] Fedora Reporter: Jakub Hrozek <jhrozek>
Component: openldapAssignee: Jan Vcelak <jvcelak>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: jvcelak, rmeggins, tsmetana
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openldap-2.4.23-3.fc14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 652816 (view as bug list) Environment:
Last Closed: 2010-11-22 22:10:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 652816    

Description Jakub Hrozek 2010-11-11 15:54:42 UTC 
Description of problem:
When both TLS_CACERTDIR and TLS_CACERT are used, TLS_CACERTDIR takes precedence in F14.

Version-Release number of selected component (if applicable):
openldap-2.4.22-7.fc14.x86_64


How reproducible:
always


Steps to Reproduce:
1. create a certificate somewhere on filesystem, for example /tmp/mycert.crt
2. set TLS_CACERT to /tmp/mycert.crt and TLS_CACERTDIR to (default) /etc/openldap/cacerts
3. run some ldap operation like ldapsearch
  
Actual results:
TLS error


Expected results:
success


Additional info:
This is a regression compared to F13 and to what manpage says
Comment 1 Rich Megginson 2010-11-12 21:56:42 UTC 
Patch submitted upstream:
http://www.openldap.org/its/index.cgi/Incoming?id=6704;selectid=6704
Comment 2 Jan Vcelak 2010-11-16 13:06:39 UTC 
Thanks. The patch will be applied soon.
Comment 3 Jan Vcelak 2010-11-18 11:16:28 UTC 
Fixed in openldap-2.4.23-3.fc15, openldap-2.4.23-3.fc14.
Comment 4 Fedora Update System 2010-11-18 11:20:07 UTC 
openldap-2.4.23-3.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openldap-2.4.23-3.fc14
Comment 5 Fedora Update System 2010-11-19 00:12:40 UTC 
openldap-2.4.23-3.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openldap'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/openldap-2.4.23-3.fc14
Comment 6 Fedora Update System 2010-11-22 22:10:00 UTC 
openldap-2.4.23-3.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.