[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7359) [PATCH] MozNSS: prefer unlocked slot when getting private key

Full_Name: Jan Vcelak
Version: git master
OS: Linux
URL: ftp://ftp.openldap.org/incoming/jvcelak-20120820-nss-prefer-unlocked-slot-private-key.patch
Submission from: (NULL) (

With last MozNSS patches for OpenLDAP, the library explicitly opens the
certificate database when retrieving the certificates, even if the database is
already opened. (Requried for safe certificate lookup from a nickname.) This
might also require a re-authentication to a slot, which holds the private key.

Some application might expect that the slot with private key is already unlocked
before passing the control to libldap. This got broken with the recent changes.

I'm attaching a patch which fixes it. If the certificate (and corresponding key)
is held in multiple slots, libldap will take the key from an already
authenticated slot.

The attached file is derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by Red
Hat. Red Hat has not assigned rights and/or interest in this work to any party.
I, Jan Vcelak am authorized by Red Hat, my employer, to release this work under
the following terms. 

Red Hat hereby place the following modifications to OpenLDAP Software (and only
these modifications) into the public domain. Hence, these modifications may be
freely used and/or redistributed for any purpose with or without attribution
and/or other notice.