lib-ldap: ldap_client_settings - Remove require_ssl
authorMarco Bettini <marco.bettini@open-xchange.com>
Wed, 16 Oct 2024 10:02:23 +0000 (10:02 +0000)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
src/lib-ldap/Makefile.am
src/lib-ldap/ldap-connection.c
src/lib-ldap/ldap-private.h
src/lib-ldap/ldap-settings.c
src/lib-ldap/ldap-settings.h

index f33a823ae578ce7776016e0c7255bf7edfb43832..3a7ca234edcffaa30b85d87448f4ff8918944b4c 100644 (file)
@@ -44,7 +44,6 @@ pkginc_lib_HEADERS = $(headers)
 
 test_libs = \
        ../lib-test/libtest.la \
-       ../lib-ssl-iostream/libssl_iostream.la \
        ../lib-var-expand/libvar_expand.la \
        ../lib/liblib.la
 
index b72f115f0b9d68f6b200f8f8252ee16844a85d02..36c76fa01d37e31aa27ff51d41877c7b58b477d1 100644 (file)
@@ -107,14 +107,6 @@ int ldap_connection_init(struct ldap_client *client,
 {
        i_assert(set->uris != NULL && set->uris[0] != '\0');
 
-       if (set->require_ssl &&
-           !set->starttls &&
-           strncmp("ldaps://",set->uris,8) != 0) {
-               *error_r = t_strdup_printf("ldap_connection_init(uris=%s) failed: %s", set->uris,
-                       "uri does not start with ldaps and ssl required without start TLS");
-               return -1;
-       }
-
        pool_t pool = pool_alloconly_create("ldap connection", 1024);
        struct ldap_connection *conn = p_new(pool, struct ldap_connection, 1);
        conn->pool = pool;
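Review bot: With the require_ssl guard removed, ldap_connection_init() no longer fails closed for a plain `ldap://` URI when `starttls` is off; such a configuration now binds (credentials included) over cleartext, and nothing in this hunk records that the operator must pick `ldaps://` or `starttls = yes` to get encryption. Unless the ssl-settings.h machinery pulled in by the ldap-private.h change enforces this elsewhere, which is not visible here, I would state the new contract above the assert: `/* Transport security is decided only by the URI scheme (ldaps://) and set->starttls; a plain ldap:// URI with starttls=no connects unencrypted. */`. The function signature sits in the hunk header and its body continues past the hunk.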
@@ -301,13 +293,11 @@ ldap_connection_connect_parse(struct ldap_connection *conn,
                                conn->set->uris, ldap_err2string(ret)));
                        return ret;
                } else if (result_err != 0) {
-                       if (conn->set->require_ssl) {
-                               ldap_connection_result_failure(conn, req, result_err, t_strdup_printf(
-                                       "ldap_start_tls(uris=%s) failed: %s",
-                                       conn->set->uris, result_errmsg));
-                               ldap_memfree(result_errmsg);
-                               return LDAP_INVALID_CREDENTIALS; /* make sure it disconnects */
-                       }
+                       ldap_connection_result_failure(conn, req, result_err, t_strdup_printf(
+                               "ldap_start_tls(uris=%s) failed: %s",
+                               conn->set->uris, result_errmsg));
+                       ldap_memfree(result_errmsg);
+                       return LDAP_INVALID_CREDENTIALS; /* make sure it disconnects */
                } else {
                        ret = ldap_parse_extended_result(conn->conn, message, &retoid, NULL, 0);
                        /* retoid can be NULL even if ret == 0 */
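Review bot: The now-unconditional failure path returns LDAP_INVALID_CREDENTIALS for a STARTTLS extended-operation error while the parallel branch in the next hunk returns LDAP_UNAVAILABLE, so the same transport failure surfaces as two different codes and the real `result_err` survives only in the logged message. If the return value is only consumed to force a disconnect, as the trailing comment says, the two branches should at least agree; I would use `return LDAP_UNAVAILABLE; /* transport failure: make sure it disconnects */` here so callers that inspect the code do not mistake a TLS problem for bad credentials. ldap_connection_connect_parse() starts before this hunk and continues after it.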
@@ -322,12 +312,10 @@ ldap_connection_connect_parse(struct ldap_connection *conn,
                                }
                        }
                        if (ret != LDAP_SUCCESS) {
-                               if (conn->set->require_ssl) {
-                                       ldap_connection_result_failure(conn, req, ret, t_strdup_printf(
-                                               "ldap_start_tls(uris=%s) failed: %s",
-                                               conn->set->uris, ldap_err2string(ret)));
-                                       return LDAP_UNAVAILABLE;
-                               }
+                               ldap_connection_result_failure(conn, req, ret, t_strdup_printf(
+                                       "ldap_start_tls(uris=%s) failed: %s",
+                                       conn->set->uris, ldap_err2string(ret)));
+                               return LDAP_UNAVAILABLE;
                        } else {
                                if (conn->set->debug_level > 0)
                                        e_debug(conn->event,
@@ -429,8 +417,7 @@ ldap_connect_next_message(struct ldap_connection *conn,
 
        switch(conn->state) {
        case LDAP_STATE_DISCONNECT:
-               /* if we should not disable SSL, and the URI is not ldaps:// */
-               if (!conn->set->starttls || strstr(conn->set->uris, "ldaps://") == NULL) {
+               if (conn->set->starttls && strstr(conn->set->uris, "ldaps://") == NULL) {
                        ret = ldap_start_tls(conn->conn, NULL, NULL, &req->msgid);
                        if (ret != LDAP_SUCCESS) {
                                ldap_connection_result_failure(conn, req, ret, t_strdup_printf(
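Review bot: The rewritten condition skips STARTTLS whenever `ldaps://` appears anywhere in `conn->set->uris` (`strstr`), whereas the guard this commit removes from ldap_connection_init() checked only the leading scheme with `strncmp`; if `uris` can hold a space-separated list, as ldap_initialize() accepts, a value like `ldap://a ldaps://b` never issues STARTTLS and the `ldap://a` endpoint is used unencrypted even with `starttls = yes`. Either restrict the test to the prefix, `if (conn->set->starttls && strncmp(conn->set->uris, "ldaps://", 8) != 0) {`, or reject mixed schemes at init time. The dropped comment should also be replaced by one describing the new intent, e.g. `/* STARTTLS was requested and the URI is not already ldaps:// */`. ldap_connect_next_message() continues past the end of the hunk.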
index 4d78f190d8567b320277fe9f70aa32490b5f677e..8ec31f86d1a7ab995755cb8ee4f09f35dab9d143 100644 (file)
@@ -1,7 +1,7 @@
 #ifndef LDAP_PRIVATE_H
 #define LDAP_PRIVATE_H
 
-#include "iostream-ssl.h"
+#include "ssl-settings.h"
 #include "ldap-client.h"
 
 #include <ldap.h>
index fb211997109c7948caa16fc3b6db213073cbc399..7f7ef46cfa2b8daf36dde4f3572414c9a46527ca 100644 (file)
@@ -21,7 +21,6 @@ static const struct setting_define ldap_client_setting_defines[] = {
        DEFN(TIME, timeout_secs, ldap_timeout),
        DEFN(TIME, max_idle_time_secs, ldap_max_idle_time),
        DEF(UINT, debug_level),
-       DEF(BOOL, require_ssl),
        DEF(BOOL, starttls),
        SETTING_DEFINE_LIST_END
 };
@@ -33,7 +32,6 @@ static const struct ldap_client_settings ldap_client_default_settings = {
        .timeout_secs = 30,
        .max_idle_time_secs = 0,
        .debug_level = 0,
-       .require_ssl = FALSE,
        .starttls = FALSE,
 };
 
index 9f21122535a6e202adce6eb202d0470ce9a453bf..4505884440dab3465c2291a19d1dbbafa049d6b7 100644 (file)
@@ -13,7 +13,6 @@ struct ldap_client_settings {
        unsigned int timeout_secs;
        unsigned int max_idle_time_secs;
        unsigned int debug_level;
-       bool require_ssl;
        bool starttls;
 };