authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:47 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:47 +0000
commitb486f33989b6fa5fd31509219f0c1e55a2dc7db3 (patch)
tree62b4ab75fb48b8aa9472b4ceee53943d2443ffb2 /debian/patches/fix-tls-client-cert-common-name-2.patch
parentAdding upstream version 3.2.1+dfsg. (diff)
Adding debian version 3.2.1+dfsg-4+deb12u1.debian/3.2.1+dfsg-4+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/fix-tls-client-cert-common-name-2.patch')
-rw-r--r--debian/patches/fix-tls-client-cert-common-name-2.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/debian/patches/fix-tls-client-cert-common-name-2.patch b/debian/patches/fix-tls-client-cert-common-name-2.patch
new file mode 100644
index 0000000..f7207db
--- /dev/null
+++ b/debian/patches/fix-tls-client-cert-common-name-2.patch
@@ -0,0 +1,29 @@
+From 3d08027f30c6d9c1eaccf7d60c68c8f7d78017c3 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Wed, 26 Oct 2022 07:31:43 -0400
+Subject: [PATCH] fix cert order only for lookup=0. Fixes #4785
+
+---
+ src/main/tls.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/main/tls.c b/src/main/tls.c
+index a33699cbb66e..c67148cf12c7 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -3015,7 +3015,14 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ */
+ if (lookup > 1) {
+ if (!my_ok) lookup = 1;
+- } else {
++
++ } else if (lookup == 0) {
++ /*
++ * This flag is only set for outbound
++ * connections. And then allows us to remap SSL
++ * offset 0 (server) to our offset 1 (also
++ * server).
++ */
+ lookup = (SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_FIX_CERT_ORDER) != NULL);
+ }
+
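Review bot: The new `else if (lookup == 0)` chain in cbtls_verify lets `lookup == 1` fall through with no comment saying that this is intended; the added comment explains only the outbound remap. The old bare `else` also recomputed a value of 1 from `FR_TLS_EX_INDEX_FIX_CERT_ORDER`, which presumably reset it to 0 on connections where the flag is unset and so stored a chain certificate's fields in the wrong attribute slot (what #4785 appears to describe). I would add after the `else if` block a comment such as `/* lookup == 1 is left alone: recomputing it from the flag would reset it to 0 when the flag is unset */`. Because the certificate attributes selected here may be used in authorization policy, a regression test checking which slot each chain depth lands in would be worth adding; the patch touches only src/main/tls.c. cbtls_verify starts and ends outside the hunk.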