
(ITS#6278) Patch - Enhancement - provide support for PEM files in MozNSS crypto



Full_Name: Rich Megginson
Version: 2.4.18 (current CVS HEAD)
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.18-moznss-20090828.patch
Submission from: (NULL) (76.113.59.19)


This patch adds support for reading PEM encoded cert and key files to the MozNSS
crypto implementation.  It depends on having the nsspem module library available
somewhere for the runtime linker to find it (e.g. on a Linux system, it uses
dlopen() to load libnsspem.so).  This module is available on Fedora and is
provided by the package nss-3.12.3.99.  Work is underway to incorporate the PEM
module into MozNSS upstream at mozilla.org.  The current source code repository
is
git://fedorapeople.org/~rcritten/pemnss.git

The tlsm_init code attempts to determine if you are using PEM files or are using
a MozNSS key/cert database.  If you specify the TLS cacertdir directive, and
that directory has valid key/cert databases in it, it will use them.  Otherwise,
it will load the PEM module and attempt to load the certs and keys specified by
cacertdir, cacertfile, certfile, and keyfile.

    This patch file is derived from OpenLDAP Software. All of the 
modifications to OpenLDAP Software represented in the following 
patch(es) were developed by Red Hat, Inc.. Red Hat, Inc. has not 
assigned rights and/or interest in this work to any party. I, Richard 
Megginson am authorized by Red Hat, Inc., my employer, to release this 
work under the following terms.

    Red Hat, Inc. hereby place the following modifications to OpenLDAP 
Software (and only these modifications) into the public domain. Hence, 
these modifications may be freely used and/or redistributed for any 
purpose with or without attribution and/or other notice.
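
Added example, not part of the submission or the patch: a pre-deployment check that predicts which credential source a given cacertdir would select under the database-first logic described above, so PEM files sitting beside an NSS database are not assumed to be in use. The function names are hypothetical, and "valid key/cert databases" is approximated by the presence of the standard NSS file pairs (cert8.db/key3.db or cert9.db/key4.db); the patch's own validity test may differ.

```shell
#!/bin/sh
# Added example (not from the patch). Assumption: a "valid" NSS database is
# approximated by a readable, non-empty cert/key file pair in the directory.

# has_file DIR NAME: true if DIR/NAME is a readable, non-empty regular file
has_file() {
    [ -f "$1/$2" ] && [ -r "$1/$2" ] && [ -s "$1/$2" ]
}

# tls_source DIR: prints one of
#   nssdb    a cert+key database pair is present; the database would be used
#   partial  only half of a pair is present; resolve before deploying
#   pem      no database files; the PEM module path would be taken
#   missing  DIR is not a directory
tls_source() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    half=0
    # legacy DBM pair, then SQLite pair
    for pair in "cert8.db:key3.db" "cert9.db:key4.db"; do
        cert=${pair%%:*}
        key=${pair##*:}
        if has_file "$dir" "$cert" && has_file "$dir" "$key"; then
            echo nssdb
            return 0
        fi
        if has_file "$dir" "$cert" || has_file "$dir" "$key"; then
            half=1
        fi
    done
    if [ "$half" -eq 1 ]; then
        echo partial
    else
        echo pem
    fi
}

# Stand-alone use: sh check.sh /path/to/cacertdir
if [ "$#" -gt 0 ]; then
    tls_source "$1"
fi
```

A result of `nssdb` for a directory that also holds PEM CA files means those PEM files would not be the trust source; `partial` usually indicates an interrupted database creation or copy.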