Issue 6998 - MozNSS: when server certificate is not required, ignore expired issuer errors
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.26
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-20 17:05 UTC by jvcelak@redhat.com
Modified: 2014-08-01 21:04 UTC
Description jvcelak@redhat.com 2011-07-20 17:05:07 UTC
Full_Name: Jan Vcelak
Version: 2.4.26
OS: Linux
URL: ftp://ftp.openldap.org/incoming/jvcelak-nss-ignore-issuer-expiration-110720.patch
Submission from: (NULL) (209.132.186.34)


Hello.

When the server certificate validity is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), an expired certificate of the issuer of the
server certificate causes the connection to be terminated.

The uploaded patch fixes this by adding the SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
error to the list of ignored errors when the certificate is not being checked.
The patch is created against the OPENLDAP_REL_ENG_2_4 branch.

Jan
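
The behaviour described in the report, as an added example that is not the OpenLDAP or NSS code and not part of the original submission: a self-contained model of a bad-certificate decision with an "ignored errors" list, before and after the expired-issuer error is added. The enum values, function names and the other list members are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for NSS error codes. Only the expired-issuer error is named in the
 * report; the other list members and all values are assumptions. */
typedef enum {
    ERR_UNKNOWN_ISSUER = 1,
    ERR_EXPIRED_CERTIFICATE,
    ERR_EXPIRED_ISSUER_CERTIFICATE, /* models SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE */
    ERR_NOT_ON_LIST                 /* any error the handler never ignores */
} cert_err;

typedef enum { HANDSHAKE_CONTINUES, HANDSHAKE_TERMINATED } verdict;

static const cert_err BEFORE_FIX[] = { ERR_UNKNOWN_ISSUER, ERR_EXPIRED_CERTIFICATE };
static const cert_err AFTER_FIX[]  = { ERR_UNKNOWN_ISSUER, ERR_EXPIRED_CERTIFICATE,
                                       ERR_EXPIRED_ISSUER_CERTIFICATE };

/* An error is ignored only if it is on the list AND the certificate is not
 * being checked (e.g. TLS_REQCERT never); everything else ends the session. */
static verdict decide(cert_err e, bool cert_checked, const cert_err *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == e)
            return cert_checked ? HANDSHAKE_TERMINATED : HANDSHAKE_CONTINUES;
    return HANDSHAKE_TERMINATED;
}

verdict before_fix(cert_err e, bool cert_checked)
{
    return decide(e, cert_checked, BEFORE_FIX, sizeof BEFORE_FIX / sizeof BEFORE_FIX[0]);
}

verdict after_fix(cert_err e, bool cert_checked)
{
    return decide(e, cert_checked, AFTER_FIX, sizeof AFTER_FIX / sizeof AFTER_FIX[0]);
}

int main(void)
{
    const bool modes[] = { false, true };   /* certificate not checked / checked */
    for (size_t i = 0; i < 2; i++)
        printf("checked=%d expired issuer: before=%s after=%s\n", modes[i],
               before_fix(ERR_EXPIRED_ISSUER_CERTIFICATE, modes[i]) ? "terminated" : "continues",
               after_fix(ERR_EXPIRED_ISSUER_CERTIFICATE, modes[i]) ? "terminated" : "continues");
    return 0;
}
```

In this model the list entry changes the outcome only when the certificate is not being checked; with checking enabled, an expired issuer still terminates the session.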
Comment 1 Howard Chu 2011-07-21 19:02:37 UTC
changed notes
changed state Open to Test
moved from Incoming to Software Bugs
Comment 2 Quanah Gibson-Mount 2011-10-05 23:18:15 UTC
changed notes
changed state Test to Release
Comment 3 Quanah Gibson-Mount 2011-11-28 18:37:21 UTC
changed notes
changed state Release to Closed
Comment 4 OpenLDAP project 2014-08-01 21:04:37 UTC
applied to master
applied to RE24