[Date Prev][Date Next]
Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6703) Patch - Mozilla NSS - reject non-file key and cert files
- From: firstname.lastname@example.org
- Date: Mon, 15 Nov 2010 20:22:37 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> On 11/15/2010 12:39 PM, Howard Chu wrote:
>> email@example.com wrote:
>>> Full_Name: Rich Megginson
>>> Version: 2.4.23 (current CVS HEAD)
>>> OS: RHEL5
>>> Submission from: (NULL) (126.96.36.199)
>>> If you specify a directory instead of a file to TLS_CACERT, or if one
>>> of the
>>> items in the TLS_CACERTDIR is a directory, the NSS PEM reader will
>>> crash. This
>>> patch rejects any item which looks like a directory.
>> It sounds like this is a bug that ought to be patched in the NSS PEM
>> reader instead, no?
> Yes, you are correct. I have filed this bug -
> But the patch to openldap will allow it to bypass this problem.
OK. I've reviewed and committed all of your patches 6703-6706.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/