[Fedora-directory-commits] ldapserver/ldap/servers/slapd ssl.c, 1.21, 1.22

Richard Allen Megginson rmeggins at fedoraproject.org
Tue Jan 13 19:01:13 UTC 2009


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv727/ldapserver/ldap/servers/slapd

Modified Files:
	ssl.c 
Log Message:
Resolves: bug 479202
Bug Description: Acceptance test: mmrepl {accept,chainonupdate} : slapd dumps core during accept_cleanup()
Reviewed by: nkinder (Thanks!)
Fix Description: Have to call ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE) after setting up the connection for client auth
Platforms tested: RHEL5
Flag Day: no
Doc impact: no



Index: ssl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ssl.c	5 Dec 2008 22:41:52 -0000	1.21
+++ ssl.c	13 Jan 2009 19:01:10 -0000	1.22
@@ -1159,15 +1159,6 @@
 
     /* Free config data */
 
-	/* We cannot allow NSS to cache outgoing client auth connections -
-	   each client auth connection must have it's own non-shared SSL
-	   connection to the peer so that it will go through the
-	   entire handshake protocol every time including the use of its
-	   own unique client cert - see bug 605457
-	*/
-
-	ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
-
 #ifndef _WIN32
     StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj();
     err =  SVRCORE_StdPinGetPin( &pw, StdPinObj, token );
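Review bot: With the unconditional ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE) removed from ahead of the #ifndef _WIN32 pin lookup, any path that does not reach the relocated call now leaves NSS session caching enabled on ld. Please confirm that every such path ends with the connection being discarded rather than used for client auth. The hunk also does not show whether the new location is compiled and reached on the _WIN32 side of this #ifndef, so that is worth checking too.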
@@ -1188,6 +1179,15 @@
 				SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
 			    SERVER_KEY_NAME, cert_name, rc, 
 			    errorCode, slapd_pr_strerror(errorCode));
+	} else {
+	    /* We cannot allow NSS to cache outgoing client auth connections -
+	       each client auth connection must have it's own non-shared SSL
+	       connection to the peer so that it will go through the
+	       entire handshake protocol every time including the use of its
+	       own unique client cert - see bug 605457
+	    */
+
+	    ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
 	}
     }
 
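Review bot: The return value of ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE) in the new else branch is discarded, so a failure would silently leave caching on for a connection that the comment says must never share an SSL session. Suggest checking the result and logging and failing the setup the same way the error branch above does. The moved comment also explains why caching is disabled but not why the call has to come after the client auth setup, which is the whole reason for this change. One sentence on that ordering requirement would keep the call from being moved back to the top later.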



