[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files

rmeggins@redhat.com wrote:
>    On 11/15/2010 12:39 PM, Howard Chu wrote:
>> rmeggins@redhat.com wrote:
>>> Full_Name: Rich Megginson
>>> Version: 2.4.23 (current CVS HEAD)
>>> OS: RHEL5
>>> URL:
>>> ftp://ftp.openldap.org/incoming/openldap-2.4.23-reject_non_file_key_cert_pem_files-20101111.patch
>>> Submission from: (NULL) (
>>> If you specify a directory instead of a file to TLS_CACERT, or if one
>>> of the
>>> items in the TLS_CACERTDIR is a directory, the NSS PEM reader will
>>> crash.  This
>>> patch rejects any item which looks like a directory.
>> It sounds like this is a bug that ought to be patched in the NSS PEM
>> reader instead, no?
> Yes, you are correct.  I have filed this bug -
> https://bugzilla.redhat.com/show_bug.cgi?id=653619
> But the patch to openldap will allow it to bypass this problem.

OK. I've reviewed and committed all of your patches 6703-6706.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/