(ITS#6998) MozNSS: when server certificate is not required, ignore expired issuer errors



Full_Name: Jan Vcelak
Version: 2.4.26
OS: Linux
URL: ftp://ftp.openldap.org/incoming/jvcelak-nss-ignore-issuer-expiration-110720.patch
Submission from: (NULL) (209.132.186.34)


Hello.

When the server certificate validity is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), an expired certificate of the issuer of the
server certificate causes the connection to be terminated.

The uploaded patch fixes this by adding the
SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE error to the list of ignored errors when
the certificate is not being checked. The patch is created against the
OPENLDAP_REL_ENG_2_4 branch.

Jan