15824668 SUNBT7206205 OpenLDAP+OpenSSL cannot trust intermediate or leaf certificates
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openldap/patches/03-tls_o.c.patch Wed Aug 26 11:56:11 2015 -0600
@@ -0,0 +1,23 @@
+Fixes problem with OpenLDAP+OpenSSL cannot trust intermediate
+or leaf certificates.
+Patch was developed in-house; it is Solaris specific and
+will not be contributed upstream.
+
+--- openldap-2.4.30/libraries/libldap/tls_o.c.old Tue Aug 18 11:40:46 2015
++++ openldap-2.4.30/libraries/libldap/tls_o.c Tue Aug 18 11:41:25 2015
+@@ -344,6 +344,16 @@
+ }
+ }
+ #endif
++
++#ifdef X509_V_FLAG_PARTIAL_CHAIN
++ /*
++ * Allow intermediate or leaf certificates in the trust list to
++ * act as trust anchors.
++ */
++ X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx),
++ X509_V_FLAG_PARTIAL_CHAIN);
++#endif
++
+ return 0;
+ }