Full_Name: Jan Vcelak
Version: 2.4.26
OS: Linux
URL: ftp://ftp.openldap.org/incoming/jvcelak-nss-ignore-issuer-expiration-110720.patch
Submission from: (NULL) (209.132.186.34)

Hello.
When the server certificate validity is not required in a TLS session (e.g. TLS_REQCERT is set to 'never'), an expired certificate of the issuer of the server certificate causes the connection to be terminated.
The uploaded patch fixes this by adding the SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE error to the list of ignored errors when the certificate is not being checked. The patch is created against the OPENLDAP_REL_ENG_2_4 branch.
Jan
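
The behaviour described in this report, as an added self-contained model; it is not the uploaded patch or OpenLDAP's own code. The function names, the contents of the ignore list before the change, and the sample error log are assumptions made for illustration. The error code values are the ones NSS defines in secerr.h.

```c
#include <stddef.h>
#include <stdio.h>

/* Error codes with the values NSS defines in secerr.h. */
enum {
    SEC_ERROR_BASE = -0x2000,
    SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11,
    SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13,
    SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20,
    SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Assumed ignore lists; only the entry added in "after" comes from the report. */
static const int ignored_before[] = {
    SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_UNKNOWN_ISSUER,
    SEC_ERROR_UNTRUSTED_ISSUER
};
static const int ignored_after[] = {
    SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_UNKNOWN_ISSUER,
    SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
};
/* Constructed sample: errors logged for an expired leaf and an expired issuer. */
static const int sample_errors[] = {
    SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
};

/* Return 0 if the handshake may continue, else the first error that ends it.
 * The ignore list is consulted only when the certificate is not being checked. */
int first_fatal_error(const int *errs, size_t nerrs, int check_cert,
                      const int *ignored, size_t nignored)
{
    for (size_t i = 0; i < nerrs; i++) {
        int skip = 0;
        for (size_t j = 0; !check_cert && j < nignored; j++)
            if (errs[i] == ignored[j]) skip = 1;
        if (!skip) return errs[i];
    }
    return 0;
}
int verdict_before(int check_cert) {
    return first_fatal_error(sample_errors, COUNT(sample_errors), check_cert,
                             ignored_before, COUNT(ignored_before));
}
int verdict_after(int check_cert) {
    return first_fatal_error(sample_errors, COUNT(sample_errors), check_cert,
                             ignored_after, COUNT(ignored_after));
}
int main(void) {
    printf("not checked, before: %d\n", verdict_before(0));
    printf("not checked, after:  %d\n", verdict_after(0));
    printf("checked, after:      %d\n", verdict_after(1));
    return 0;
}
```

With checking enabled, the same error log still ends the handshake at the first error, so the added entry only affects sessions where the certificate is not being checked.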