Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openldap/patches/03-tls_o.c.patch
author Rich Burridge <rich.burridge@oracle.com>
Thu, 28 Jan 2016 16:55:44 -0800
changeset 5364 17f26e606ed1
parent 4812 874a021a99a5
child 5911 a8d897c4c442
permissions -rw-r--r--
22618657 openjade should be 64-bit

Fixes problem with OpenLDAP+OpenSSL cannot trust intermediate
or leaf certificates. 
Patch was developed in-house; it is Solaris specific and
will not be contributed upstream.

--- openldap-2.4.30/libraries/libldap/tls_o.c.old       Tue Aug 18 11:40:46 2015
+++ openldap-2.4.30/libraries/libldap/tls_o.c   Tue Aug 18 11:41:25 2015
@@ -344,6 +344,16 @@
 		}
 	}
 #endif
+
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
+	/*
+	 * Allow intermediate or leaf certificates in the trust list to
+	 * act as trust anchors.
+	 */
+	X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
+	    X509_V_FLAG_PARTIAL_CHAIN);
+#endif
+
 	return 0;
 }
upstream/oracle/userland-gate