author | Rich Burridge <rich.burridge@oracle.com> |
Tue, 02 May 2017 17:33:26 -0700 | |
changeset 7964 | d9801318ed3d |
parent 5911 | a8d897c4c442 |
permissions | -rw-r--r-- |
Fixes problem with OpenLDAP+OpenSSL cannot trust intermediate |
or leaf certificates. |
Patch was developed in-house; it is Solaris specific and |
will not be contributed upstream. |
|
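--- a/openldap-2.4.44/libraries/libldap/tls_o.c
+++ b/openldap-2.4.44/libraries/libldap/tls_o.c
@@ -363,6 +363,16 @@
 }
 }
 #endif
+
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
+ /*
+ * Allow intermediate or leaf certificates in the trust list to
+ * act as trust anchors.
+ */
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
+ X509_V_FLAG_PARTIAL_CHAIN);
+#endif
+
 return 0;
 }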
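Review bot: The added `X509_STORE_set_flags(..., X509_V_FLAG_PARTIAL_CHAIN)` call is unconditional, so every TLS context built through this function treats any certificate in the configured trust file or directory as a trust anchor, not only the deployments that asked for it. With the flag set, chain building stops at the first trusted certificate, so nothing above a pinned intermediate or leaf is verified, and an intermediate that was put in the bundle only to help chain building becomes an anchor as well. Since the patch is local and permanent, I would gate it behind an explicit setting, or at least extend the comment, e.g. `/* NOTE: widens trust: every cert in the CA file/dir becomes an anchor; issuers above it are not checked. */`. The return value is also ignored before `return 0;`. A check such as `if (!X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN)) return -1;` would surface a failure, assuming -1 is this function's error convention, which cannot be confirmed because its body starts above the hunk.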