OpenLDAP does not allow to send certificate chains (ITS#3159)
Full_Name: Arne Brutschy
Version: 2.2.11
OS: Linux 2.6.4
URL: http://projects.nuschkys.net/patches/openldap-2.6.11-use_chain_certificates.patch.gz
Submission from: (NULL) (139.18.1.5)
OpenLDAP does not allow sending certificate chains, which would allow sending more
than one certificate in the TLS response.
Here is a very simple patch to allow this:
diff -urN openldap-2.2.11-orig/libraries/libldap/tls.c
openldap-2.2.11/libraries/libldap/tls.c
--- openldap-2.2.11-orig/libraries/libldap/tls.c 2004-01-01
19:16:30.000000000 +0100
+++ openldap-2.2.11/libraries/libldap/tls.c 2004-05-26 10:46:10.708020320
+0200
@@ -325,8 +325,8 @@
}
if ( tls_opt_certfile &&
- !SSL_CTX_use_certificate_file( tls_def_ctx,
- certfile, SSL_FILETYPE_PEM ) )
+ !SSL_CTX_use_certificate_chain_file( tls_def_ctx,
+ certfile ) )
{
#ifdef NEW_LOGGING
LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_init_def_ctx:
"
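Review bot: the switch to SSL_CTX_use_certificate_chain_file() in this hunk changes how the file named by tls_opt_certfile is interpreted, and that needs to be documented: the first PEM certificate in the file becomes the server certificate and every certificate after it is added to the extra chain and sent to peers as-is, with no check at load time that each one actually issues the previous one. A file with the intermediate placed before the leaf therefore loads without error here and only fails in the handshake, so the documentation for the certificate-file option should state that the file may now hold the chain, that it must be ordered leaf first followed by its issuers, and that the trust anchor itself should be left out. Dropping the SSL_FILETYPE_PEM argument is consistent, since the chain variant accepts PEM only and the old call hardcoded PEM anyway, but it means this call has to be revisited if DER input is ever wanted for this option.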