From: Marco Bettini <marco.bettini@open-xchange.com>
Date: Fri, 13 Dec 2024 08:53:28 +0000 (+0000)
Subject: lib-ldap: Fix certificate validation for RHEL9
X-Git-Tag: 2.4.0~123
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1c93002558747a5b6006f279855f71990b94a96;p=thirdparty%2Fdovecot%2Fcore.git

lib-ldap: Fix certificate validation for RHEL9
---

diff --git a/src/lib-ldap/ldap-utils.c b/src/lib-ldap/ldap-utils.c
index 1d176b1028..bf5f815b1d 100644
--- a/src/lib-ldap/ldap-utils.c
+++ b/src/lib-ldap/ldap-utils.c
@@ -59,8 +59,14 @@ void ldap_set_tls_options(const char *prefix, LDAP *ld, bool starttls,
 
 	bool requires = ssl_set->ssl_client_require_valid_cert;
 	int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_ALLOW;
+
+	/* required for Bookworm */
 	ldap_set_opt(prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
 		     "ssl_client_require_valid_cert", requires ? "yes" : "no" );
+
+	/* required for RHEL9 */
+	ldap_set_opt(prefix, ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
+		     "ssl_client_require_valid_cert", requires ? "yes" : "no");
 }
 
 #endif