[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files
On 11/15/2010 12:39 PM, Howard Chu wrote:
> rmeggins@redhat.com wrote:
>> Full_Name: Rich Megginson
>> Version: 2.4.23 (current CVS HEAD)
>> OS: RHEL5
>> URL:
>> ftp://ftp.openldap.org/incoming/openldap-2.4.23-reject_non_file_key_cert_pem_files-20101111.patch
>> Submission from: (NULL) (76.113.111.209)
>>
>>
>> If you specify a directory instead of a file to TLS_CACERT, or if one
>> of the
>> items in the TLS_CACERTDIR is a directory, the NSS PEM reader will
>> crash. This
>> patch rejects any item which looks like a directory.
>
> It sounds like this is a bug that ought to be patched in the NSS PEM
> reader instead, no?
>
Yes, you are correct. I have filed this bug -
https://bugzilla.redhat.com/show_bug.cgi?id=653619
But the patch to openldap will allow it to bypass this problem.