components/openldap/patches/03-tls_o.c.patch
author John Beck <John.Beck@Oracle.COM>
Mon, 12 Oct 2015 13:49:09 -0700
changeset 4940 dea6b3d5fd67
parent 4812 874a021a99a5
child 5911 a8d897c4c442
permissions -rw-r--r--
21985722 library/python/libxsl-27 should depend on runtime/python-27

Fixes a problem where OpenLDAP with OpenSSL cannot trust intermediate
or leaf certificates.
Patch was developed in-house; it is Solaris specific and
will not be contributed upstream.

--- openldap-2.4.30/libraries/libldap/tls_o.c.old       Tue Aug 18 11:40:46 2015
+++ openldap-2.4.30/libraries/libldap/tls_o.c   Tue Aug 18 11:41:25 2015
@@ -344,6 +344,16 @@
 		}
 	}
 #endif
+
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
+	/*
+	 * Allow intermediate or leaf certificates in the trust list to
+	 * act as trust anchors.
+	 */
+	X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
+	    X509_V_FLAG_PARTIAL_CHAIN);
+#endif
+
 	return 0;
 }
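Review bot: `X509_V_FLAG_PARTIAL_CHAIN` is set unconditionally on the context's certificate store just before `return 0;`, so every certificate loaded into the trust list, including a non-CA leaf, becomes a trust anchor with no configuration option to opt out. Chain building then stops at the first trusted certificate, so the issuers above it are not examined during verification. The comment should state that consequence, for example `/* Verification stops at the first certificate found in the trust list; issuers above it are not checked, so the trust list must hold only certificates that are trusted outright. */`. The result of `X509_STORE_set_flags()` (1 on success) is also discarded; testing it and taking the function's existing error path would make the failure visible, although that path starts outside this hunk and I cannot see which return value it uses.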