[SCM] Debian packaging of libnet-ldap-perl branch, master, updated. debian/0.4300-2-7-gf32f6d8

gregor herrmann gregoa at debian.org
Tue Feb 7 23:36:25 UTC 2012


The following commit has been merged in the master branch:
commit 4c415925a8f488a222d58b089812d6a873638502
Author: gregor herrmann <gregoa at debian.org>
Date:   Wed Feb 8 00:14:29 2012 +0100

    Remove patch 0001-un-break-certificate-verification.patch.

diff --git a/debian/patches/0001-un-break-certificate-verification.patch b/debian/patches/0001-un-break-certificate-verification.patch
deleted file mode 100644
index 6c01330..0000000
--- a/debian/patches/0001-un-break-certificate-verification.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From a3c4f7fe85129b036d915c9064752d9b542ad803 Mon Sep 17 00:00:00 2001
-From: Peter Marschall <peter at adpm.de>
-Date: Wed, 7 Sep 2011 13:21:48 +0200
-Subject: [PATCH] un-break certificate verification
-
-Commit 041d540 "Specify that we want to use the 'ldap' scheme to verify
-certificates" unconditionally set IO:Socket::SSL's SSL_verify_cn_scheme
-'ldap'.
-
-In principle this is a good thing: it allows to verify whether the name of
-the host we connect to matches the host name in the certificate presented.
-
-But doing it unconditionally led to some trouble:
-* it broke $ldap->start_tls() completely.
-  see SSL_verifycn_name in IO::Socket::SSL(3) for why
-* in the case of sslverify = 'none' it created a warning
-  on every connect.
-
-This commit fixes both issues.
----
- lib/Net/LDAP.pm |   11 ++++++++++-
- 1 files changed, 10 insertions(+), 1 deletions(-)
-
-~~~
-
-From db0b09089531629c58d61f3c7d8b5daab7fd22a4 Mon Sep 17 00:00:00 2001
-From: Graham Barr <gbarr at pobox.com>
-Date: Fri, 23 Sep 2011 10:06:58 -0500
-Subject: [PATCH] fix copy & paste typo
-
----
- lib/Net/LDAP.pm |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
---- a/lib/Net/LDAP.pm
-+++ b/lib/Net/LDAP.pm
-@@ -192,11 +192,18 @@
-   my $arg = shift;
- 
-   my $verify = 0;
-+  my %verifycn_ctx = ();
-   my ($clientcert,$clientkey,$passwdcb);
- 
-   if (exists $arg->{'verify'}) {
-       my $v = lc $arg->{'verify'};
-       $verify = 0 + (exists $ssl_verify{$v} ? $ssl_verify{$v} : $verify);
-+
-+      if ($verify) {
-+        $verifycn_ctx{SSL_verifycn_scheme} = "ldap";
-+        $verifycn_ctx{SSL_verifycn_name} = $arg->{'sslserver'}
-+          if (defined $arg->{'sslserver'});
-+      }
-   }
- 
-   if (exists $arg->{'clientcert'}) {
-@@ -230,7 +237,7 @@
-     SSL_verify_mode     => $verify,
-     SSL_version         => defined $arg->{'sslversion'} ? $arg->{'sslversion'} :
-                            'sslv2/3',
--    SSL_verifycn_scheme => "ldap",
-+    %verifycn_ctx,
-   );
- }
- 
-@@ -1031,6 +1038,8 @@
-   delete $ldap->{net_ldap_root_dse};
- 
-   $arg->{sslversion} = 'tlsv1' unless defined $arg->{sslversion};
-+  $arg->{sslserver} = $ldap->{'net_ldap_host'} unless defined $arg->{sslserver};
-+
-   IO::Socket::SSL::context_init( { _SSL_context_init_args($arg) } );
-   my $sock_class = ref($sock);
- 
diff --git a/debian/patches/series b/debian/patches/series
index 625fa88..5622f22 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
 fix-pod-spelling.patch
-0001-un-break-certificate-verification.patch

-- 
Debian packaging of libnet-ldap-perl



More information about the Pkg-perl-cvs-commits mailing list