15824668 SUNBT7206205 OpenLDAP+OpenSSL cannot trust intermediate or leaf certificates
authorzihao.zhu@oracle.com <zihao.zhu@oracle.com>
Wed, 26 Aug 2015 11:56:11 -0600
changeset 4812 874a021a99a5
parent 4811 e20eb691d748
child 4813 5e86eaf216ff
15824668 SUNBT7206205 OpenLDAP+OpenSSL cannot trust intermediate or leaf certificates
components/openldap/patches/03-tls_o.c.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openldap/patches/03-tls_o.c.patch	Wed Aug 26 11:56:11 2015 -0600
@@ -0,0 +1,23 @@
+Fixes problem with OpenLDAP+OpenSSL cannot trust intermediate
+or leaf certificates. 
+Patch was developed in-house; it is Solaris specific and
+will not be contributed upstream.
+
+--- openldap-2.4.30/libraries/libldap/tls_o.c.old       Tue Aug 18 11:40:46 2015
++++ openldap-2.4.30/libraries/libldap/tls_o.c   Tue Aug 18 11:41:25 2015
[email protected]@ -344,6 +344,16 @@
+ 		}
+ 	}
+ #endif
++
++#ifdef X509_V_FLAG_PARTIAL_CHAIN
++	/*
++	 * Allow intermediate or leaf certificates in the trust list to
++	 * act as trust anchors.
++	 */
++	X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
++	    X509_V_FLAG_PARTIAL_CHAIN);
++#endif
++
+ 	return 0;
+ }