[SCM] Debian packaging of libnet-ldap-perl branch, master, updated. debian/0.4300-2-7-gf32f6d8
gregor herrmann
gregoa at debian.org
Tue Feb 7 23:36:25 UTC 2012
The following commit has been merged in the master branch:
commit 4c415925a8f488a222d58b089812d6a873638502
Author: gregor herrmann <gregoa at debian.org>
Date: Wed Feb 8 00:14:29 2012 +0100
Remove patch 0001-un-break-certificate-verification.patch.
diff --git a/debian/patches/0001-un-break-certificate-verification.patch b/debian/patches/0001-un-break-certificate-verification.patch
deleted file mode 100644
index 6c01330..0000000
--- a/debian/patches/0001-un-break-certificate-verification.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From a3c4f7fe85129b036d915c9064752d9b542ad803 Mon Sep 17 00:00:00 2001
-From: Peter Marschall <peter at adpm.de>
-Date: Wed, 7 Sep 2011 13:21:48 +0200
-Subject: [PATCH] un-break certificate verification
-
-Commit 041d540 "Specify that we want to use the 'ldap' scheme to verify
-certificates" unconditionally set IO:Socket::SSL's SSL_verify_cn_scheme
-'ldap'.
-
-In principle this is a good thing: it allows to verify whether the name of
-the host we connect to matches the host name in the certificate presented.
-
-But doing it unconditionally led to some trouble:
-* it broke $ldap->start_tls() completely.
- see SSL_verifycn_name in IO::Socket::SSL(3) for why
-* in the case of sslverify = 'none' it created a warning
- on every connect.
-
-This commit fixes both issues.
----
- lib/Net/LDAP.pm | 11 ++++++++++-
- 1 files changed, 10 insertions(+), 1 deletions(-)
-
-~~~
-
-From db0b09089531629c58d61f3c7d8b5daab7fd22a4 Mon Sep 17 00:00:00 2001
-From: Graham Barr <gbarr at pobox.com>
-Date: Fri, 23 Sep 2011 10:06:58 -0500
-Subject: [PATCH] fix copy & paste typo
-
----
- lib/Net/LDAP.pm | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
---- a/lib/Net/LDAP.pm
-+++ b/lib/Net/LDAP.pm
-@@ -192,11 +192,18 @@
- my $arg = shift;
-
- my $verify = 0;
-+ my %verifycn_ctx = ();
- my ($clientcert,$clientkey,$passwdcb);
-
- if (exists $arg->{'verify'}) {
- my $v = lc $arg->{'verify'};
- $verify = 0 + (exists $ssl_verify{$v} ? $ssl_verify{$v} : $verify);
-+
-+ if ($verify) {
-+ $verifycn_ctx{SSL_verifycn_scheme} = "ldap";
-+ $verifycn_ctx{SSL_verifycn_name} = $arg->{'sslserver'}
-+ if (defined $arg->{'sslserver'});
-+ }
- }
-
- if (exists $arg->{'clientcert'}) {
-@@ -230,7 +237,7 @@
- SSL_verify_mode => $verify,
- SSL_version => defined $arg->{'sslversion'} ? $arg->{'sslversion'} :
- 'sslv2/3',
-- SSL_verifycn_scheme => "ldap",
-+ %verifycn_ctx,
- );
- }
-
-@@ -1031,6 +1038,8 @@
- delete $ldap->{net_ldap_root_dse};
-
- $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
-+ $arg->{sslserver} = $ldap->{'net_ldap_host'} unless defined $arg->{sslserver};
-+
- IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
- my $sock_class = ref($sock);
-
diff --git a/debian/patches/series b/debian/patches/series
index 625fa88..5622f22 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
fix-pod-spelling.patch
-0001-un-break-certificate-verification.patch
--
Debian packaging of libnet-ldap-perl
More information about the Pkg-perl-cvs-commits
mailing list