A ref change was pushed to the OpenLDAP (openldap.git) repository. It will be available in the public mirror shortly.
The branch, master has been updated
       via  5e467e489949c4eb9e22953b3e0450a6a00a7399 (commit)
       via  d78cf81648b9766c9e7fe0e72ae7749aeec9951b (commit)
      from  ae24a1a6ac91f5313de91618abe03683798035fe (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 5e467e489949c4eb9e22953b3e0450a6a00a7399
Author: Rich Megginson rmeggins@redhat.com
Date:   Tue Jun 21 15:58:49 2011 -0700
ITS#6862 MozNSS - workaround PR_SetEnv bug
commit d78cf81648b9766c9e7fe0e72ae7749aeec9951b
Author: Rich Megginson rmeggins@redhat.com
Date:   Mon Jun 20 18:28:48 2011 -0600
ITS#6975 MozNSS - allow cacertdir in most cases
OpenLDAP built with OpenSSL allows most any value of cacertdir - directory is a file, directory does not contain any CA certs, directory does not exist - users expect if they specify TLS_REQCERT=never, no matter what the TLS_CACERTDIR setting is, TLS/SSL will just work.

TLS_CACERT, on the other hand, is a hard error. Even if TLS_REQCERT=never, if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will fail.

This patch makes CACERT errors hard errors, and makes CACERTDIR errors "soft" errors. The code checks CACERT first and, even though the function will return an error, checks CACERTDIR anyway so that if the user sets TRACE mode they will get CACERTDIR processing messages.
-----------------------------------------------------------------------
Summary of changes:
 libraries/libldap/tls_m.c | 27 +++++++++++++++------------
 1 files changed, 15 insertions(+), 12 deletions(-)
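
The hard/soft error policy described in the ITS#6975 commit message, as an added sketch that is not the code from tls_m.c or from the OpenLDAP project. All names (`check_ca_settings`, `enum ca_status`, the helpers) are hypothetical, and certificate validity is approximated by a PEM header check rather than real parsing.

```c
/* Added illustration of the ITS#6975 policy; not code from tls_m.c. Names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum ca_status { CA_OK = 0, CA_SOFT_ERROR = 1, CA_HARD_ERROR = 2 };

/* Assumption: "valid CA cert file" is approximated as a readable file with a PEM header. */
static int cacert_file_usable(const char *path)
{
    char line[256];
    int found = 0;
    FILE *fp = fopen(path, "r");

    if (fp == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, fp) != NULL)
        found = strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0;
    fclose(fp);
    return found;
}

/* Assumption: a usable cacertdir is approximated as "exists and is a directory". */
static int cacertdir_usable(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Either argument may be NULL, meaning the option is not set. */
enum ca_status check_ca_settings(const char *cacert, const char *cacertdir)
{
    enum ca_status rc = CA_OK;
    if (cacert != NULL && !cacert_file_usable(cacert)) {
        fprintf(stderr, "cacert %s: not a usable CA file (hard error)\n", cacert);
        rc = CA_HARD_ERROR;
    }
    /* Evaluated even after a hard error so trace output still covers cacertdir. */
    if (cacertdir != NULL && !cacertdir_usable(cacertdir)) {
        fprintf(stderr, "cacertdir %s: unusable, ignored (soft error)\n", cacertdir);
        if (rc == CA_OK)
            rc = CA_SOFT_ERROR;
    }
    return rc;
}

int main(void)
{
    return check_ca_settings(NULL, "/nonexistent-cacertdir-example") == CA_HARD_ERROR;
}
```

A caller following the commit message would abort TLS setup only on `CA_HARD_ERROR` and continue on `CA_SOFT_ERROR`.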