diff options
Diffstat (limited to 'net-nds/nsscache/files/nsscache-0.8.3-starttls.patch')
-rw-r--r-- | net-nds/nsscache/files/nsscache-0.8.3-starttls.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch new file mode 100644 index 000000000000..2ca9c1feec9b --- /dev/null +++ b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch @@ -0,0 +1,53 @@ +Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one. +Add a new configuration file to do it. + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> + +diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py +--- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py 2008-09-08 18:31:58.000000000 -0700 ++++ nsscache-0.8.3/nss_cache/sources/ldapsource.py 2009-05-24 16:50:59.579112740 -0700 +@@ -76,6 +76,8 @@ + self.conn = rlo(uri=conf['uri'], + retry_max=conf['retry_max'], + retry_delay=conf['retry_delay']) ++ if conf['tls_starttls'] == 1: ++ self.conn.start_tls_s() + else: + self.conn = conn + +@@ -107,6 +109,8 @@ + configuration['tls_cacertdir'] = self.TLS_CACERTDIR + if not 'tls_cacertfile' in configuration: + configuration['tls_cacertfile'] = self.TLS_CACERTFILE ++ if not 'tls_starttls' in configuration: ++ configuration['tls_starttls'] = 0 + + # Translate tls_require into appropriate constant, if necessary. + if configuration['tls_require_cert'] == 'never': +@@ -120,6 +124,13 @@ + elif configuration['tls_require_cert'] == 'try': + configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY + ++ # Should we issue STARTTLS? ++ if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'): ++ configuration['tls_starttls'] = 1 ++ #if not configuration['tls_starttls']: ++ else: ++ configuration['tls_starttls'] = 0 ++ + # Setting global ldap defaults. + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, + configuration['tls_require_cert']) +diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf +--- nsscache-0.8.3.orig/nsscache.conf 2008-09-08 18:31:58.000000000 -0700 ++++ nsscache-0.8.3/nsscache.conf 2009-05-24 16:51:25.468374563 -0700 +@@ -70,6 +70,9 @@ + # Default filename for trusted CAs + #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem' + ++# Should we issue STARTTLS? ++# ldap_tls_starttls = 1 ++ + + ## + # nssdb module defaults |