openldap2 (2.1.30-2ubuntu4.1) warty-security; urgency=low

  * SECURITY UPDATE: Fix TLS sanity check.
  * libraries/libldap/tls.c, ldap_start_tls_s(): If we use referred
    connections (like a slave->master handover) whose first connection (to the
    slave) already uses TLS, then do the "TLS already enabled" sanity check on
    the referred, not the first connection. Without this patch, pam-ldap and
    nss-ldap are not able to use TLS on referred connections since they were
    rejected by the broken sanity check.
  * References:
    CAN-2005-2069
    http://bugzilla.padl.com/show_bug.cgi?id=210

 -- Martin Pitt <email address hidden>  Tue, 5 Jul 2005 10:36:17 +0200
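
The sanity check described in this entry, as a simplified C model added here for illustration. It is not code from the OpenLDAP patch: every type, function and host name below is hypothetical, and the real libldap structures are more involved.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a client handle; not libldap's real types. */
struct conn   { const char *host; bool tls_active; };
struct handle { struct conn *first; /* connection opened first (the slave) */ };

enum { TLS_OK = 0, TLS_ALREADY_ENABLED = -1 };

/* Before the fix: the check always looks at the first connection, so a
 * referred connection is refused whenever the first one already uses TLS. */
int start_tls_broken(struct handle *h, struct conn *target) {
    if (h->first && h->first->tls_active)
        return TLS_ALREADY_ENABLED;
    target->tls_active = true;
    return TLS_OK;
}

/* After the fix: the check looks at the connection being upgraded. */
int start_tls_fixed(struct handle *h, struct conn *target) {
    (void)h;
    if (target->tls_active)
        return TLS_ALREADY_ENABLED;
    target->tls_active = true;
    return TLS_OK;
}

typedef int (*start_tls_fn)(struct handle *, struct conn *);

/* Slave already on TLS, referral to the master: 1 if the master gets TLS. */
int referral_gets_tls(start_tls_fn start_tls) {
    struct conn slave  = { "slave.example",  true  };  /* constructed sample */
    struct conn master = { "master.example", false };  /* constructed sample */
    struct handle h = { &slave };
    return start_tls(&h, &master) == TLS_OK && master.tls_active;
}

/* The check must still refuse a second StartTLS on the same connection. */
int double_start_rejected(start_tls_fn start_tls) {
    struct conn only = { "slave.example", true };
    struct handle h = { &only };
    return start_tls(&h, &only) == TLS_ALREADY_ENABLED;
}

int main(void) {
    printf("broken: referral gets TLS = %d\n", referral_gets_tls(start_tls_broken));
    printf("fixed:  referral gets TLS = %d\n", referral_gets_tls(start_tls_fixed));
    return 0;
}
```

In this model the broken check leaves the referred connection without TLS, which corresponds to the pam-ldap and nss-ldap failure the entry describes, while both variants still refuse a repeated StartTLS on a connection that already has it.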