Description of problem: I don't believe tls_m.c supports TLS 1.1 and later. This requires some additional NSS APIs. You should be able to tell openldap to support TLS protocols > 1.0 with TLS_PROTOCOL_MIN Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This needs to go into all versions of Fedora ASAP. Should I clone this for all Fedora releases?
Created attachment 955151 [details] openldap patch
Mark, could you please submit the patch upstream and link the ITS to this bugzilla? Thanks!
Created attachment 956867 [details] Official patch to openldap
(In reply to Jan Synacek from comment #3) > Mark, could you please submit the patch upstream and link the ITS to this > bugzilla? Thanks! Jan, The patch has been submitted to openldap: ITS#7979 Thanks, Mark
Pushed: http://pkgs.fedoraproject.org/cgit/openldap.git/commit/?id=4b2abac9db548c3ce7f44df72517eec50d68eefc Mark, could you please verify that the functionality remains? I had to backport the upstream patch, the code in rawhide openldap is quite different...
(In reply to Jan Synacek from comment #6) > Pushed: > http://pkgs.fedoraproject.org/cgit/openldap.git/commit/ > ?id=4b2abac9db548c3ce7f44df72517eec50d68eefc > > Mark, could you please verify that the functionality remains? I had to > backport the upstream patch, the code in rawhide openldap is quite > different... Jan, so there is no "pvers" table in rawhide? Can I look at the internal repo? If so, not sure how to(you can email me offline with the details)? The rest of the patch, the important part, looks good. Thanks, Mark