1
TLS: allow MozNSS CA certdir together with PEM CA certfile
3
Author: Jan Vcelak <jvcelak@redhat.com>
6
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
7
index 50c03dd..8f8f2b0 100644
8
--- a/libraries/libldap/tls_m.c
9
+++ b/libraries/libldap/tls_m.c
10
@@ -1695,6 +1695,9 @@ tlsm_deferred_init( void *arg )
11
ctx->tc_initctx = initctx;
16
+ if ( errcode || lt->lt_cacertfile ) {
17
/* initialize the PEM module */
19
ldap_pvt_thread_mutex_lock( &tlsm_init_mutex );
20
@@ -1703,16 +1706,23 @@ tlsm_deferred_init( void *arg )
22
ldap_pvt_thread_mutex_unlock( &tlsm_init_mutex );
23
#endif /* LDAP_R_COMPILE */
24
- errcode = PORT_GetError();
25
+ int pem_errcode = PORT_GetError();
26
Debug( LDAP_DEBUG_ANY,
27
"TLS: could not initialize moznss PEM module - error %d:%s.\n",
28
- errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
30
+ pem_errcode, PR_ErrorToString( pem_errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
32
+ if ( errcode ) /* PEM is required */
35
+ } else if ( !errcode ) {
36
+ tlsm_init_ca_certs( ctx, lt->lt_cacertfile, NULL );
39
ldap_pvt_thread_mutex_unlock( &tlsm_init_mutex );
40
#endif /* LDAP_R_COMPILE */
44
if ( tlsm_init_ca_certs( ctx, lt->lt_cacertfile, lt->lt_cacertdir ) ) {
45
/* if we tried to use lt->lt_cacertdir as an NSS key/cert db, errcode
46
will be a value other than 1 - print an error message so that the
added
removed
SOURCES/openldap-nss-allow-ca-dbdir-pemfile.patch
