PR - Ticket 49726 - DS only accepts RSA and Fortezza cipher families

[389-ds-bot]

Cloned from Pagure Pull-Request: https://pagure.io/389-ds-base/pull-request/49727

• Created at 2018-05-27 16:56:01 by mreynolds (@mreynolds389)
• Merged at 2018-05-28 18:04:41

---

Bug Description: Currently DS only accepts fortezza and RSA cipher families.
This prevents things like ECC certificates from being used.

Fix Description: Instead of hardcoding the cipher families, just grab the
current type and use it.

              Also cleaned up code: removed unncessary "ifdefs", and switched
              for loops to use size_t.

Resolves: #2785

Reviewed by: ?

[389-ds-bot]

Comment from mhonek (@kenoh) at 2018-05-28 16:56:13

You got my ACK for the fix itself.

I noticed the PR drops checks for USE_OPENLDAP. For that, we should also remove the #include "ldap_ssl.h" at the top of the file. ldap_ssl.h does not even seem to be in the tree. Other than that, it looks all right to me.

Additionally, I guess it makes sense to get rid of --with-openldap build flag altogether. @mreynolds389, should we file a ticket?

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-28 17:43:15

Yeah we need a different ticket to "remove openldap ifdefs" completely and make openldap the default. I just like to cleanup code when I touch files. Anyway changes applied

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-28 17:43:27

rebased onto 27a16a0

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-28 18:04:42

Pull-Request has been merged by mreynolds389

[389-ds-bot]

Comment from mhonek (@kenoh) at 2018-05-29 14:47:03

Created issue 49730 for "remove openldap ifdefs".

[389-ds-bot]

Patch
49727.patch