Fixes a problem where OpenLDAP with OpenSSL cannot trust intermediate
or leaf certificates.
Patch was developed in-house; it is Solaris specific and
will not be contributed upstream.
--- openldap-2.4.30/libraries/libldap/tls_o.c.old Tue Aug 18 11:40:46 2015
+++ openldap-2.4.30/libraries/libldap/tls_o.c Tue Aug 18 11:41:25 2015
@@ -344,6 +344,16 @@
}
}
#endif
+
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
+ /*
+ * Allow intermediate or leaf certificates in the trust list to
+ * act as trust anchors.
+ */
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
+ X509_V_FLAG_PARTIAL_CHAIN);
+#endif
+
return 0;
}
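Review bot: The `X509_STORE_set_flags(...)` call added just before `return 0;` enables X509_V_FLAG_PARTIAL_CHAIN on every context this function initialises, with no configuration switch. As a result, any non-self-signed certificate in the configured trust list ends verification as an anchor, and the issuers above it are presumably no longer validated for expiry, constraints or revocation. The comment should state that consequence, for example `/* Any cert in the trust list terminates chain building; issuers above it are not checked, so the trust list must hold only certs meant as anchors. */`. The return value is also ignored; `if (!X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN)) return -1;` would surface a failure, assuming -1 is the error convention here, which cannot be confirmed because the function starts outside the hunk. When the macro is undefined the block compiles away silently, so a build against an older OpenSSL loses this behaviour without any diagnostic.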