[Pkg-openldap-devel] r1081 - in openldap/trunk/debian: . patches
vorlon at alioth.debian.org
Sat Feb 9 01:38:02 UTC 2008
Author: vorlon
Date: 2008-02-09 01:38:02 +0000 (Sat, 09 Feb 2008)
New Revision: 1081
Added:
openldap/trunk/debian/patches/gnutls-altname-nulterminated
Modified:
openldap/trunk/debian/changelog
openldap/trunk/debian/patches/series
Log:
* Fix various regressions related to the introduction of GnuTLS:
- Add new patch, gnutls-ciphers, to fix support for specifying multiple
ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
Moffett <kyle at moffetthome.net> for the patch. Closes LP: #188200.
- Add new patch, slapd-tlsverifyclient-default, to set the intended
default value of "TLSVerifyClient never" in the right place.
- Add new patch, gnutls-altname-nulterminated, to account for differences
in how the "length" is returned for commonName vs. subjectAltName.
Partially addresses bug #462588.
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2008-02-09 01:34:50 UTC (rev 1080)
+++ openldap/trunk/debian/changelog 2008-02-09 01:38:02 UTC (rev 1081)
@@ -11,12 +11,15 @@
Closes: #464718.
[ Steve Langasek ]
- * Add new patch, gnutls-ciphers, to fix support for specifying multiple
- ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle Moffett
- <kyle at moffetthome.net> for the patch. Closes LP: #188200.
- * Add new patch, slapd-tlsverifyclient-default, to set the intended default
- value of "TLSVerifyClient never" in the right place. Partially addresses
- bug #462588.
+ * Fix various regressions related to the introduction of GnuTLS:
+ - Add new patch, gnutls-ciphers, to fix support for specifying multiple
+ ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
+ Moffett <kyle at moffetthome.net> for the patch. Closes LP: #188200.
+ - Add new patch, slapd-tlsverifyclient-default, to set the intended
+ default value of "TLSVerifyClient never" in the right place.
+ - Add new patch, gnutls-altname-nulterminated, to account for differences
+ in how the "length" is returned for commonName vs. subjectAltName.
+ Partially addresses bug #462588.
* Add new patch from upstream, entryCSN-backwards-compatibility, to support
auto-converting entryCSN attributes in a previously supported old format,
fixing an upgrade failure. Closes: #462099.
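Review bot: The "Partially addresses bug #462588." sentence used to close the slapd-tlsverifyclient-default entry and now sits at the end of the gnutls-altname-nulterminated sub-item, so as written it reads as belonging to that last patch only. If both patches contribute to #462588, say so explicitly, for example by repeating the reference on the slapd-tlsverifyclient-default sub-item or by moving it up to the "Fix various regressions related to the introduction of GnuTLS" line, so the bug history does not lose the link to the TLSVerifyClient change.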
Added: openldap/trunk/debian/patches/gnutls-altname-nulterminated
===================================================================
--- openldap/trunk/debian/patches/gnutls-altname-nulterminated (rev 0)
+++ openldap/trunk/debian/patches/gnutls-altname-nulterminated 2008-02-09 01:38:02 UTC (rev 1081)
@@ -0,0 +1,23 @@
+Author: Steve Langasek <vorlon at debian.org>
+
+When using GnuTLS, the size returned for subjectAltNames includes a
+terminating NUL whereas the size of a CN does not; account for this
+difference when comparing certificates.
+
+Partially addresses Debian bug #462588.
+
+To be forwarded upstream.
+
+Index: libraries/libldap/tls.c
+===================================================================
+--- libraries/libldap/tls.c (revision 1074)
++++ libraries/libldap/tls.c (working copy)
+@@ -1846,7 +1846,7 @@
+ if (ntype != IS_DNS) continue;
+
+ /* Is this an exact match? */
+- if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
++ if ((len1 == altnamesize - 1) && !strncasecmp(name, altname, len1)) {
+ break;
+ }
+
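Review bot: The `altnamesize - 1` on the exact-match line hard-codes the assumption that GnuTLS always counts a trailing NUL in the subjectAltName size, and it adjusts only this one comparison, so any other use of `altnamesize` in the same loop still sees the unadjusted length. Since this is the certificate hostname check, it would be safer to normalise once where the name is fetched, e.g. `if (altnamesize > 0 && altname[altnamesize - 1] == '\0') altnamesize--;`, and leave the comparison as `len1 == altnamesize`. That keeps the match correct if the library returns the length without the NUL, and avoids a wrap-around should `altnamesize` be an unsigned type holding 0 (its declaration is not visible in this hunk). A short comment next to the adjustment explaining the CN vs. subjectAltName length difference would also help, since the rationale currently lives only in the patch header.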
Modified: openldap/trunk/debian/patches/series
===================================================================
--- openldap/trunk/debian/patches/series 2008-02-09 01:34:50 UTC (rev 1080)
+++ openldap/trunk/debian/patches/series 2008-02-09 01:38:02 UTC (rev 1081)
@@ -11,3 +11,4 @@
gnutls-ciphers
entryCSN-backwards-compatibility
slapd-tlsverifyclient-default -p0
+gnutls-altname-nulterminated -p0
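Review bot: The new entry needs `-p0` only because the patch was generated with bare `libraries/libldap/tls.c` paths, while gnutls-ciphers and entryCSN-backwards-compatibility in the same series apply at the default strip level. Consider regenerating gnutls-altname-nulterminated with a leading path component so the series does not mix strip levels, which also makes the patch easier to apply unchanged when it is forwarded upstream.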