Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv727/ldapserver/ldap/servers/slapd
Modified Files:
ssl.c
Log Message:
Resolves: bug 479202
Bug Description: Acceptance test: mmrepl {accept,chainonupdate} : slapd dumps core during
accept_cleanup()
Reviewed by: nkinder (Thanks!)
Fix Description: Have to call ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE) after setting
up the connection for client auth
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Index: ssl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ssl.c 5 Dec 2008 22:41:52 -0000 1.21
+++ ssl.c 13 Jan 2009 19:01:10 -0000 1.22
@@ -1159,15 +1159,6 @@
/* Free config data */
- /* We cannot allow NSS to cache outgoing client auth connections -
- each client auth connection must have it's own non-shared SSL
- connection to the peer so that it will go through the
- entire handshake protocol every time including the use of its
- own unique client cert - see bug 605457
- */
-
- ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
-
#ifndef _WIN32
StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj();
err = SVRCORE_StdPinGetPin( &pw, StdPinObj, token );
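Review bot: With the `ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE)` call removed from its place ahead of the `#ifndef _WIN32` pin lookup, nothing in this region disables session caching any more, so the guarantee described in the deleted comment now rests entirely on the success branch added further down. Please confirm that every failure path from `SVRCORE_StdPinGetPin` onward leaves `ld` unusable for client auth; otherwise a handle could carry on with NSS caching still enabled.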
@@ -1188,6 +1179,15 @@
SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
SERVER_KEY_NAME, cert_name, rc,
errorCode, slapd_pr_strerror(errorCode));
+ } else {
+ /* We cannot allow NSS to cache outgoing client auth connections -
+ each client auth connection must have it's own non-shared SSL
+ connection to the peer so that it will go through the
+ entire handshake protocol every time including the use of its
+ own unique client cert - see bug 605457
+ */
+
+ ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
}
}
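Review bot: The return value of `ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE)` in the new `else` branch is ignored, so if the call fails the connection proceeds with caching enabled, which the comment above it says cannot be allowed. Consider checking the result and logging or failing the setup in the same style as the error branch just before it. The moved comment also still explains only why caching is disabled (bug 605457); the ordering requirement this commit fixes, that the option must be set after the connection is set up for client auth, is recorded only in the log message and would be worth a sentence in the comment so the call is not moved back.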