gentoo-full-overlay/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch

Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
Add a new configuration file to do it.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py
--- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py	2008-09-08 18:31:58.000000000 -0700
+++ nsscache-0.8.3/nss_cache/sources/ldapsource.py	2009-05-24 16:50:59.579112740 -0700
@@ -76,6 +76,8 @@
       self.conn = rlo(uri=conf['uri'],
                       retry_max=conf['retry_max'],
                       retry_delay=conf['retry_delay'])
+      if conf['tls_starttls'] == 1:
+          self.conn.start_tls_s()
     else:
       self.conn = conn
 
@@ -107,6 +109,8 @@
       configuration['tls_cacertdir'] = self.TLS_CACERTDIR
     if not 'tls_cacertfile' in configuration:
       configuration['tls_cacertfile'] = self.TLS_CACERTFILE
+    if not 'tls_starttls' in configuration:
+      configuration['tls_starttls'] = 0
 
     # Translate tls_require into appropriate constant, if necessary.
     if configuration['tls_require_cert'] == 'never':
@@ -120,6 +124,13 @@
     elif configuration['tls_require_cert'] == 'try':
       configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY
 
+    # Should we issue STARTTLS?
+    if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
+        configuration['tls_starttls'] = 1
+    #if not configuration['tls_starttls']:
+    else:
+      configuration['tls_starttls'] = 0
+
     # Setting global ldap defaults.
     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                     configuration['tls_require_cert'])
diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf
--- nsscache-0.8.3.orig/nsscache.conf	2008-09-08 18:31:58.000000000 -0700
+++ nsscache-0.8.3/nsscache.conf	2009-05-24 16:51:25.468374563 -0700
@@ -70,6 +70,9 @@
 # Default filename for trusted CAs
 #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
 
+# Should we issue STARTTLS?
+# ldap_tls_starttls = 1
+
 
 ##
 # nssdb module defaults