1 Star 0 Fork 11

renping000/openldap

forked from src-anolis-os/openldap 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
openldap-change-TLS_REQSAN-default-to-TRY.patch 1.82 KB
一键复制 编辑 原始数据 按行查看 历史
小龙 提交于 2022-01-14 11:57 . import openldap-2.4.46-18.el8.src.rpm
From 2dfe3f35c7fef4792f15f0b3f9c9a10e5f9a4692 Mon Sep 17 00:00:00 2001
From: Simon Pichugin <spichugi@rehdat.com>
Date: Thu, 5 Aug 2021 16:15:09 +0200
Subject: [PATCH] Change TLS_REQSAN default to TRY
---
doc/man/man5/ldap.conf.5 | 2 +-
libraries/libldap/init.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index cde2c875f..9f1aa2c0a 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -479,7 +479,6 @@ The client will not check any SAN in the certificate.
The SAN is checked against the specified hostname. If a SAN is
present but none match the specified hostname, the SANs are ignored
and the usual check against the certificate DN is used.
-This is the default setting.
.TP
.B try
The SAN is checked against the specified hostname. If no SAN is present
@@ -487,6 +486,7 @@ in the server certificate, the usual check against the certificate DN
is used. If a SAN is present but doesn't match the specified hostname,
the session is immediately terminated. This setting may be preferred
when a mix of certs with and without SANs are in use.
+This is the default setting.
.TP
.B demand | hard
These keywords are equivalent. The SAN is checked against the specified
diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
index 0d91808ec..fa4c176fd 100644
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@@ -625,7 +625,7 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl
gopts->ldo_tls_connect_cb = NULL;
gopts->ldo_tls_connect_arg = NULL;
gopts->ldo_tls_require_cert = LDAP_OPT_X_TLS_DEMAND;
- gopts->ldo_tls_require_san = LDAP_OPT_X_TLS_ALLOW;
+ gopts->ldo_tls_require_san = LDAP_OPT_X_TLS_TRY;
#endif
gopts->ldo_keepalive_probes = 0;
gopts->ldo_keepalive_interval = 0;
--
2.31.1
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/renping000/openldap.git
git@gitee.com:renping000/openldap.git
renping000
openldap
openldap
a8

搜索帮助

0d507c66 1850385 C8b1a773 1850385