Bug 811468 - not all certificates in OpenSSL compatible CA certificate directory format are loaded
Summary: not all certificates in OpenSSL compatible CA certificate directory format ar...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Jan Vcelak
QA Contact: David Spurek
URL:
Whiteboard:
Depends On: 609722
Blocks: 593242 649048 699652
TreeView+ depends on / blocked
 
Reported: 2012-04-11 07:52 UTC by David Spurek
Modified: 2015-03-02 05:26 UTC (History)
10 users (show)

Fixed In Version: openldap-2.4.23-29.el6
Doc Type: Bug Fix
Doc Text:
Cause: OpenSSL hashed CA certificate directory is configured to be used as a source for trusted CA certificates. libldap assumes that filenames of all hashed certificates should end with '.0', which is not correct. Any numeric suffix is allowed. Consequence: Only certificates with '.0' suffix are loaded. Fix: Patch applied which updates checking of filenames of files in OpenSSL CA certificate directory. Result: All certificates with a filename, which is allowed in hashed OpenSSL CA certificate directory are loaded.
Clone Of: 609722
: 852786 (view as bug list)
Environment:
Last Closed: 2013-02-21 09:45:35 UTC
Target Upstream Version:

Attachments (Terms of Use)
proposed patch (3.40 KB, patch)
2012-08-29 14:46 UTC, Jan Vcelak 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0364 0 normal SHIPPED_LIVE openldap bug fix and enhancement update 2013-02-20 20:52:54 UTC

Comment 6 Jan Vcelak 2012-08-29 14:46:38 UTC 
Created attachment 607923 [details]
proposed patch

Proposed patch. Uses regular expressions instead of checking for '.0' file extension wrongly. Following format is allowed: ^[0-9a-f]{8}\\.[0-9]+$

Upstream submission:
http://www.openldap.org/its/index.cgi?findid=7374
Comment 11 Jan Vcelak 2012-09-25 16:10:26 UTC 
Resolved in: openldap-2.4.23-29.el6
Comment 15 errata-xmlrpc 2013-02-21 09:45:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0364.html
Note You need to log in before you can comment on or make changes to this bug.