lib-ldap: Fix certificate validation for RHEL9

author Marco Bettini <marco.bettini@open-xchange.com>

Fri, 13 Dec 2024 08:53:28 +0000 (08:53 +0000)

committer Aki Tuomi <aki.tuomi@open-xchange.com>

Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
author Marco Bettini <marco.bettini@open-xchange.com>
Fri, 13 Dec 2024 08:53:28 +0000 (08:53 +0000)
committer Aki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
diff --git a/src/lib-ldap/ldap-utils.c b/src/lib-ldap/ldap-utils.c

index 1d176b1028a74cdfef752e298a809e46d4de480b..bf5f815b1d308fdc2fa9f71b14b1c4bf3fb4e2e7 100644 (file)
--- a/src/lib-ldap/ldap-utils.c
+++ b/src/lib-ldap/ldap-utils.c
@@ -59,8 +59,14 @@ void ldap_set_tls_options(const char *prefix, LDAP *ld, bool starttls,
  
         bool requires = ssl_set->ssl_client_require_valid_cert;
         int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_ALLOW;
+
+       /* required for Bookworm */
         ldap_set_opt(prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
                      "ssl_client_require_valid_cert", requires ? "yes" : "no" );
+
+       /* required for RHEL9 */
+       ldap_set_opt(prefix, ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
+                    "ssl_client_require_valid_cert", requires ? "yes" : "no");
  }
  
  #endif
author	Marco Bettini <marco.bettini@open-xchange.com>
	Fri, 13 Dec 2024 08:53:28 +0000 (08:53 +0000)
committer	Aki Tuomi <aki.tuomi@open-xchange.com>
	Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)