Bug 811468 - not all certificates in OpenSSL compatible CA certificate directory format are loaded
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.3
Hardware: All
OS: Linux
Target Milestone: rc
Assignee: Jan Vcelak
QA Contact: David Spurek
Keywords: Reopened
Depends On: 609722
Blocks: 593242 649048 699652
Reported: 2012-04-11 07:52 UTC by David Spurek
Modified: 2015-03-02 05:26 UTC

Fixed In Version: openldap-2.4.23-29.el6
Doc Type: Bug Fix
Doc Text:
Cause: An OpenSSL hashed CA certificate directory is configured as the source of trusted CA certificates. libldap assumes that the filenames of all hashed certificates end with '.0', which is not correct; any numeric suffix is allowed.
Consequence: Only certificates with the '.0' suffix are loaded.
Fix: A patch was applied that updates the checking of filenames of files in the OpenSSL CA certificate directory.
Result: All certificates whose filenames are allowed in a hashed OpenSSL CA certificate directory are loaded.
Clone Of: 609722
: 852786
Last Closed: 2013-02-21 09:45:35 UTC

Attachments
proposed patch (3.40 KB, patch)
2012-08-29 14:46 UTC, Jan Vcelak

External Trackers
Tracker: Red Hat Product Errata
ID: RHBA-2013:0364
Priority: normal
Status: SHIPPED_LIVE
Summary: openldap bug fix and enhancement update
Last Updated: 2013-02-20 20:52:54 UTC

Comment 6 Jan Vcelak 2012-08-29 14:46:38 UTC
Created attachment 607923
proposed patch

Proposed patch. Uses regular expressions instead of wrongly checking for the '.0' file extension. The following format is allowed: ^[0-9a-f]{8}\\.[0-9]+$

Upstream submission:
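
Added example, not part of the proposed patch or of libldap: a small C audit tool that applies the filename pattern from comment 6 to the entries of a CA certificate directory and reports valid hashed names that a '.0'-only suffix check would not load. The function names and the model of the old check (a plain "ends with .0" test, taken from the Doc Text) are assumptions.

```c
#include <dirent.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of the old behaviour (per the Doc Text): name ends in ".0". */
static int legacy_accepts(const char *name) {
    size_t n = strlen(name);
    return n >= 2 && strcmp(name + n - 2, ".0") == 0;
}

/* Pattern from comment 6 as a POSIX extended regex: 8 hex digits, dot, digits. */
static int hashed_name_ok(const char *name) {
    regex_t re;
    int ok;
    if (regcomp(&re, "^[0-9a-f]{8}\\.[0-9]+$", REG_EXTENDED | REG_NOSUB) != 0)
        return 0;
    ok = (regexec(&re, name, 0, NULL, 0) == 0);
    regfree(&re);
    return ok;
}

/* 1 if the name is a valid hashed entry that a ".0"-only check would skip. */
static int silently_skipped(const char *name) {
    return hashed_name_ok(name) && !legacy_accepts(name);
}

/* Report affected entries in a CA directory; returns their count, -1 on error. */
static int audit_cacertdir(const char *path) {
    DIR *d = opendir(path);
    struct dirent *e;
    int skipped = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL)
        if (silently_skipped(e->d_name)) {
            printf("not loaded by '.0'-only check: %s/%s\n", path, e->d_name);
            skipped++;
        }
    closedir(d);
    return skipped;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s CACERTDIR\n", argv[0]); return 2; }
    int n = audit_cacertdir(argv[1]);
    if (n < 0) { perror(argv[1]); return 2; }
    return n > 0;   /* exit status 1 when affected certificates exist */
}
```

Run it against the configured CA certificate directory on a host with a libldap older than the fixed version; each reported file is a trusted CA that TLS verification there would not have loaded.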

Comment 11 Jan Vcelak 2012-09-25 16:10:26 UTC
Resolved in: openldap-2.4.23-29.el6

Comment 15 errata-xmlrpc 2013-02-21 09:45:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

