## Mathias Gug <mathiaz@ubuntu.com>
## Enable V1 CA certs to be trusted.
## ITS: 5992 - http://www.openldap.org/its/index.cgi?findid=5992
## LP: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/305264
## Backport from patch: http://bazaar.launchpad.net/%7Evcs-imports/openldap/main-src/diff/17238
--- openldap.orig/libraries/libldap/tls.c.orig 2009-03-25 13:05:17.000000000 -0400
9
+++ openldap/libraries/libldap/tls.c 2009-03-25 13:09:01.000000000 -0400
11
if ( rc < 0 ) goto error_exit;
15
+ /* FIXME: ITS#5992 - this should go be configurable,
16
+ * and V1 CA certs should be phased out ASAP.
18
+ gnutls_certificate_set_verify_flags(((tls_ctx*) lo->ldo_tls_ctx)->cred,
19
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
23
gnutls_dh_params_init (&((tls_ctx*)
24
lo->ldo_tls_ctx)->dh_params);
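Review bot: The added `gnutls_certificate_set_verify_flags(..., GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT)` call runs unconditionally for every TLS context built on this path, so the relaxation reaches all libldap users and not only the deployments that still depend on a V1 root. A V1 certificate carries no basicConstraints extension, so with this flag any V1 certificate present in the trusted set is accepted as an issuer, and the contents of the CA file become the only control. Until the configuration option the FIXME asks for exists, the comment should state that consequence, e.g. `/* V1 certs have no basicConstraints: every V1 cert in the trusted CA file is accepted as a CA */`. The call also assigns the credential's verify flags rather than OR-ing into them, so it is worth confirming that nothing sets flags on `cred` earlier in this function, which starts and ends outside the hunk.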