File support-tls1.1-and-later.patch of Package mozldap

diff -ur mozldap-6.0.7.orig/c-sdk/ldap/libraries/libssldap/ldapsinit.c mozldap-6.0.7/c-sdk/ldap/libraries/libssldap/ldapsinit.c
--- mozldap-6.0.7.orig/c-sdk/ldap/libraries/libssldap/ldapsinit.c	2011-01-06 13:05:39.000000000 +0100
+++ mozldap-6.0.7/c-sdk/ldap/libraries/libssldap/ldapsinit.c	2019-10-19 12:23:01.010624494 +0200
@@ -60,6 +60,7 @@
 
 #include <errno.h>
 #include <nspr.h>
+#include <nss.h>
 #include <cert.h>
 #include <key.h>
 #include <ssl.h>
@@ -71,6 +72,19 @@
 #include <ldap_ssl.h>
 #include <ldappr.h>
 #include <pk11func.h>
+ 
+#if NSS_VMAJOR * 100 + NSS_VMINOR >= 314
+/* TLS1.1 is defined in RFC4346. */
+#define NSS_TLS11 1
+static SSLVersionRange enabledNSSVersions;
+static SSLVersionRange ldapNSSVersions;
+#else
+/* 
+ *  * TLS1.0 is defined in RFC2246.
+ *   * Close to SSL 3.0.
+ *    */
+#define NSS_TLS10 1
+#endif
 
 /*
  * Macro that determines how many SSL options we support. As of June, 2002
@@ -248,6 +262,18 @@
     LDAPSSLSocketInfo	*ssoip = NULL;
     LDAPSSLSessionInfo	*sseip;
     PRFileDesc		*sslfd = NULL;
+#if defined(NSS_TLS11)
+    SECStatus sslStatus = SECSuccess;
+    char *s = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION");
+    /* Get the range of the supported SSL version */
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+    if (s) {
+        ldapNSSVersions.min = enabledNSSVersions.min;
+    } else {
+        ldapNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    ldapNSSVersions.max = enabledNSSVersions.max;
+#endif
 
     /*
      * Determine if secure option is set.  Also, clear secure bit in options
@@ -306,7 +332,16 @@
 	goto close_socket_and_exit_with_error;
     }
 
+#if defined(NSS_TLS11)
+    sslStatus = SSL_VersionRangeSet(sslfd, &ldapNSSVersions);
+    if (sslStatus != SECSuccess) {
+        goto close_socket_and_exit_with_error;
+    }
+#endif
     if ( SSL_OptionSet( sslfd, SSL_SECURITY, secure ) != SECSuccess ||
+#if defined(NSS_TLS10)
+         SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
+#endif
 		SSL_OptionSet( sslfd, SSL_HANDSHAKE_AS_CLIENT, secure )
 		!= SECSuccess || ( secure && SSL_ResetHandshake( sslfd,
 		PR_FALSE ) != SECSuccess )) {
@@ -516,6 +551,18 @@
     int			rc = LDAP_LOCAL_ERROR;
     char 		*hostlist = NULL;
     struct lextiof_socket_private *socketargp = NULL;
+#if defined(NSS_TLS11)
+    SECStatus sslStatus = SECSuccess;
+    char *s = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION");
+    /* Get the range of the supported SSL version */
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+    if (s) {
+        ldapNSSVersions.min = enabledNSSVersions.min;
+    } else {
+        ldapNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    ldapNSSVersions.max = enabledNSSVersions.max;
+#endif
         
     /*
      * Get hostlist from LDAP Handle
@@ -1371,11 +1418,23 @@
     LDAPSSLSocketInfo				*ssoip = NULL;
     LDAPSSLSessionInfo				*sseip;
     PRFileDesc						*sslfd = NULL;
-	LBER_SOCKET						intfd = -1;
-	char							*hostlist;
-	struct lextiof_socket_private	*socketargp;
+    LBER_SOCKET						intfd = -1;
+    char							*hostlist;
+    struct lextiof_socket_private	*socketargp;
+#if defined(NSS_TLS11)
+    SECStatus sslStatus = SECSuccess;
+    char *s = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION");
+    /* Get the range of the supported SSL version */
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+    if (s) {
+        ldapNSSVersions.min = enabledNSSVersions.min;
+    } else {
+        ldapNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    ldapNSSVersions.max = enabledNSSVersions.max;
+#endif
 
-	/*
+    /*
      * Get hostlist from LDAP Handle
      */
     if ( ldap_get_option(ld, LDAP_OPT_HOST_NAME, &hostlist) < 0 ) {
@@ -1432,8 +1491,16 @@
         goto reset_socket_and_exit_with_error;
     }
 
+#if defined(NSS_TLS11)
+    sslStatus = SSL_VersionRangeSet(sslfd, &ldapNSSVersions);
+    if (sslStatus != SECSuccess) {
+        goto reset_socket_and_exit_with_error;
+    }
+#endif
     if ( SSL_OptionSet( sslfd, SSL_SECURITY, secure ) != SECSuccess ||
-				SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
+#if defined(NSS_TLS10)
+                SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
+#endif
                 SSL_OptionSet( sslfd, SSL_HANDSHAKE_AS_CLIENT, secure )
                 != SECSuccess || ( secure && SSL_ResetHandshake( sslfd,
                 PR_FALSE ) != SECSuccess )) {
Only in mozldap-6.0.7/c-sdk/ldap/libraries/libssldap: ldapsinit.c.orig
Only in mozldap-6.0.7/c-sdk/ldap/libraries/libssldap: ldapsinit.c.rej