Description of problem:
I don't believe tls_m.c supports TLS 1.1 and later. This requires some additional NSS APIs. You should be able to tell openldap to support TLS protocols > 1.0 with TLS_PROTOCOL_MIN
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This needs to go into all versions of Fedora ASAP. Should I clone this for all Fedora releases?
Created attachment 955151 [details]
Mark, could you please submit the patch upstream and link the ITS to this bugzilla? Thanks!
Created attachment 956867 [details]
Official patch to openldap
(In reply to Jan Synacek from comment #3)
> Mark, could you please submit the patch upstream and link the ITS to this
> bugzilla? Thanks!
The patch has been submitted to openldap: ITS#7979
Mark, could you please verify that the functionality remains? I had to backport the upstream patch, the code in rawhide openldap is quite different...
(In reply to Jan Synacek from comment #6)
> Mark, could you please verify that the functionality remains? I had to
> backport the upstream patch, the code in rawhide openldap is quite
Jan, so there is no "pvers" table in rawhide? Can I look at the internal repo? If so, not sure how to(you can email me offline with the details)?
The rest of the patch, the important part, looks good.