rmeggins@redhat.com wrote:
Full_Name: Richard Megginson
Version: 2.4.20
OS: Fedora 11
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.20-tls_m_c-InitContext-PEM-20091218.patch
Submission from: (NULL) (76.113.111.209)
This patch adds support for the new NSS_InitContext() API (new in NSS 3.12.5).
Thanks for the patch.
Just blindly #defining HAVE_NSS_INITCONTEXT is no good. Isn't there an NSS version symbol we can check in the preprocessor, to make sure it's 3.12.5 or newer? Otherwise we'll need an autoconf test for the existence of the NSS_InitContext() function.
This allows apps and libraries to initialize NSS from different contexts. I've also cleaned up some of the code around PEM file support. I also had to call SSL_SetURL in order to put the correct hostname in the SSL socket for cert validation.
I explicitly withheld the hostname to force our own cert validation function to be used. The NSS hostname validator's behavior is inconsistent with the LDAP spec.
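
For reference, the server-name comparison that RFC 4513 section 3.1.3 sets for LDAP over TLS, as an added example: it is not code from this thread, from OpenLDAP or from NSS, `ldap_dnsname_match` is a hypothetical name, and the sample names are constructed. It covers only the dNSName comparison, not subjectAltName extraction or the subject CN fallback.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of n bytes of two ASCII DNS names. */
static int dns_eq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper (name is an assumption): returns 1 if the certificate
 * dNSName `pattern` matches `host`, the server name the client was given.
 * "*" counts only as the whole left-most label and covers exactly one label. */
int ldap_dnsname_match(const char *pattern, const char *host)
{
    if (!pattern || !host || !*pattern || !*host)
        return 0;
    size_t plen = strlen(pattern);
    if (pattern[0] == '*' && pattern[1] == '.') {
        if (strchr(pattern + 1, '*'))         /* only one wildcard allowed */
            return 0;
        const char *hdot = strchr(host, '.'); /* end of host's first label */
        if (!hdot || hdot == host)
            return 0;
        /* everything after the first label, dot included, must be equal */
        return strlen(hdot) == plen - 1 && dns_eq(pattern + 1, hdot, plen - 1);
    }
    if (strchr(pattern, '*'))                 /* wildcard anywhere else: reject */
        return 0;
    return strlen(host) == plen && dns_eq(pattern, host, plen);
}

int main(void)
{
    /* constructed sample names */
    const char *hosts[] = { "a.example.com", "example.com", "a.b.example.com" };
    for (size_t i = 0; i < 3; i++)
        printf("*.example.com vs %s: %d\n", hosts[i],
               ldap_dnsname_match("*.example.com", hosts[i]));
    return 0;
}
```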