Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-nds/nsscache/files/nsscache-0.8.3-starttls.patch')
-rw-r--r--net-nds/nsscache/files/nsscache-0.8.3-starttls.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
new file mode 100644
index 000000000000..2ca9c1feec9b
--- /dev/null
+++ b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
@@ -0,0 +1,53 @@
+Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
+Add a new configuration file to do it.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py
+--- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py 2008-09-08 18:31:58.000000000 -0700
++++ nsscache-0.8.3/nss_cache/sources/ldapsource.py 2009-05-24 16:50:59.579112740 -0700
+@@ -76,6 +76,8 @@
+ self.conn = rlo(uri=conf['uri'],
+ retry_max=conf['retry_max'],
+ retry_delay=conf['retry_delay'])
++ if conf['tls_starttls'] == 1:
++ self.conn.start_tls_s()
+ else:
+ self.conn = conn
+
+@@ -107,6 +109,8 @@
+ configuration['tls_cacertdir'] = self.TLS_CACERTDIR
+ if not 'tls_cacertfile' in configuration:
+ configuration['tls_cacertfile'] = self.TLS_CACERTFILE
++ if not 'tls_starttls' in configuration:
++ configuration['tls_starttls'] = 0
+
+ # Translate tls_require into appropriate constant, if necessary.
+ if configuration['tls_require_cert'] == 'never':
+@@ -120,6 +124,13 @@
+ elif configuration['tls_require_cert'] == 'try':
+ configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY
+
++ # Should we issue STARTTLS?
++ if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
++ configuration['tls_starttls'] = 1
++ #if not configuration['tls_starttls']:
++ else:
++ configuration['tls_starttls'] = 0
++
+ # Setting global ldap defaults.
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
+ configuration['tls_require_cert'])
+diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf
+--- nsscache-0.8.3.orig/nsscache.conf 2008-09-08 18:31:58.000000000 -0700
++++ nsscache-0.8.3/nsscache.conf 2009-05-24 16:51:25.468374563 -0700
+@@ -70,6 +70,9 @@
+ # Default filename for trusted CAs
+ #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
+
++# Should we issue STARTTLS?
++# ldap_tls_starttls = 1
++
+
+ ##
+ # nssdb module defaults