ITS#6998 MozNSS: when cert not required, ignore issuer expiration
authorJan Vcelak <jvcelak@redhat.com>
Wed, 20 Jul 2011 16:55:33 +0000 (18:55 +0200)
committerHoward Chu <hyc@openldap.org>
Thu, 21 Jul 2011 18:59:06 +0000 (11:59 -0700)
When the server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore the expired issuer certificate
error and do not terminate the connection.

libraries/libldap/tls_m.c

index 32af7ec7c0a87d4613b9018d830fa8bfa90e0f4d..7ae7d8216c6756c441b0a380c3f0b59ba583268b 100644 (file)
@@ -671,6 +671,7 @@ tlsm_bad_cert_handler(void *arg, PRFileDesc *ssl)
        case SEC_ERROR_UNTRUSTED_ISSUER:
        case SEC_ERROR_UNKNOWN_ISSUER:
        case SEC_ERROR_EXPIRED_CERTIFICATE:
+       case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
                if (ctx->tc_verify_cert) {
                        success = SECFailure;
                }
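Review bot: With `SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE` added to this case group, an expired issuer is accepted whenever `ctx->tc_verify_cert` is false, and nothing in the visible lines records that a chain-validation error was overridden. Consider emitting a debug-level trace in that path with the NSS error code, using the file's existing `Debug(...)` macro, so operators can see which sessions proceeded on a certificate that failed validation. The group would also benefit from a comment such as `/* tolerated only when the peer certificate is not required (tc_verify_cert unset); otherwise fail the handshake */`. The hunk does not show which TLS_REQCERT levels leave `tc_verify_cert` unset, and the body of `tlsm_bad_cert_handler` continues outside the hunk, so logging may already exist further down.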