1 files changed, 29 insertions, 0 deletions

diff --git a/debian/patches/ldap-conf-tls-cacertdir b/debian/patches/ldap-conf-tls-cacertdir
new file mode 100644
index 0000000..e8aab91
--- /dev/null
+++ b/debian/patches/ldap-conf-tls-cacertdir
@@ -0,0 +1,29 @@
+--- a/doc/man/man5/ldap.conf.5
++++ b/doc/man/man5/ldap.conf.5
+@@ -317,7 +317,7 @@ certificates in separate individual file
+ .B TLS_CACERT
+ is always used before
+ .B TLS_CACERTDIR.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ 
+ When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
+ database.  If <path> contains a Mozilla NSS cert/key database and
+@@ -428,7 +428,7 @@ This parameter is ignored with GnuTLS.
+ Specifies the file to obtain random bits from when /dev/[u]random is
+ not available. Generally set to the name of the EGD/PRNGD socket.
+ The environment variable RANDFILE can also be used to specify the filename.
+-This parameter is ignored with GnuTLS and Mozilla NSS.
++This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_REQCERT <level>
+ Specifies what checks to perform on server certificates in a TLS session,
+@@ -461,7 +461,7 @@ Specifies if the Certificate Revocation
+ used to verify if the server certificates have not been revoked. This
+ requires
+ .B TLS_CACERTDIR
+-parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS.
++parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS.
+ .B <level>
+ can be specified as one of the following keywords:
+ .RS