[packages/openldap] - default path for CA certs search

Sun Sep 3 20:46:05 CEST 2017

commit 1f48008599d4a9734acc45cd1985e1721669614d
Author: Adam Osuchowski <adwol at pld-linux.org>
Date:   Sun Sep 3 20:44:24 2017 +0200

    - default path for CA certs search

 openldap-default_cacert_path.patch | 13 +++++++++++++
 openldap.spec                      |  2 ++
 2 files changed, 15 insertions(+)
---

diff --git a/openldap.spec b/openldap.spec
index 4185bd5..a96f7ab 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -59,6 +59,7 @@ Patch19:	%{name}-gcc47.patch
 Patch20:	%{name}-man.patch
 Patch22:	%{name}-am.patch
 Patch23:	%{name}-db.patch
+Patch24:	%{name}-default_cacert_path.patch
 # Patch for the evolution library
 Patch100:	%{name}-ntlm.diff
 URL:		http://www.openldap.org/
@@ -1247,6 +1248,7 @@ cd %{name}
 %patch20 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
 %if %{with krb5}
 %patch17 -p1
 %endif
diff --git a/openldap-default_cacert_path.patch b/openldap-default_cacert_path.patch
new file mode 100644
index 0000000..813d790
--- /dev/null
+++ b/openldap-default_cacert_path.patch
@@ -0,0 +1,13 @@
+diff -ruNp openldap-2.4.45.orig/libraries/libldap/tls_o.c openldap-2.4.45/libraries/libldap/tls_o.c
+--- openldap-2.4.45.orig/libraries/libldap/tls_o.c	2017-06-01 22:01:07.000000000 +0200
++++ openldap-2.4.45/libraries/libldap/tls_o.c	2017-09-03 20:23:39.222111712 +0200
+@@ -275,7 +275,8 @@ tlso_ctx_init( struct ldapoptions *lo, s
+ 		}
+ 	} else {
+ 		if ( !SSL_CTX_load_verify_locations( ctx,
+-				lt->lt_cacertfile, lt->lt_cacertdir ) )
++				lt->lt_cacertfile, lt->lt_cacertdir ) ||
++			!SSL_CTX_set_default_verify_paths( ctx ) )
+ 		{
+ 			Debug( LDAP_DEBUG_ANY, "TLS: "
+ 				"could not load verify locations (file:`%s',dir:`%s').\n",
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openldap.git/commitdiff/46dff2fa95ba14a64e9338f9f664924c831f815c

