[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files
From: rmeggins@redhat.com
Date: Mon, 15 Nov 2010 21:03:38 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

  On 11/15/2010 01:22 PM, Howard Chu wrote:
> rmeggins@redhat.com wrote:
>>    On 11/15/2010 12:39 PM, Howard Chu wrote:
>>> rmeggins@redhat.com wrote:
>>>> Full_Name: Rich Megginson
>>>> Version: 2.4.23 (current CVS HEAD)
>>>> OS: RHEL5
>>>> URL:
>>>> ftp://ftp.openldap.org/incoming/openldap-2.4.23-reject_non_file_key_cert_pem_files-20101111.patch 
>>>>
>>>> Submission from: (NULL) (76.113.111.209)
>>>>
>>>>
>>>> If you specify a directory instead of a file to TLS_CACERT, or if one
>>>> of the
>>>> items in the TLS_CACERTDIR is a directory, the NSS PEM reader will
>>>> crash.  This
>>>> patch rejects any item which looks like a directory.
>>>
>>> It sounds like this is a bug that ought to be patched in the NSS PEM
>>> reader instead, no?
>>>
>> Yes, you are correct.  I have filed this bug -
>> https://bugzilla.redhat.com/show_bug.cgi?id=653619
>> But the patch to openldap will allow it to bypass this problem.
>
> OK. I've reviewed and committed all of your patches 6703-6706.
>
Thanks!

Prev by Date: Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files
Next by Date: (ITS#6711) Problems with ppolicy_forward_updates and starttls with certificate-based auth
Index(es):
- Chronological
- Thread