[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7240) [PATCH] MozNSS: skip hostname check if peer certificate was not requested

> Sounds like a simple sequencing bug then. Just initialize the global
> options
> before the first ldap_initialize() call.

Sudo parses the options in config file and stores them in a table:

This table is then iterated and all options are being set. The
problem is that some options are set with LDAP handle provided
and some are not. This means that the handle has to be created
before. The change proposed by you would require the change of
this well-arranged and transparent concept.

It can be a sequencing bug, but this particular situation is not
described anywhere. And OpenSSL has a different behavior. My patch
updates Mozilla NSS backend to behave the same as OpenSSL backend.

I still think this should be fixed in OpenLDAP rather than in sudo.