Revert "ITS#8427 Set up TLS settings on each reconnection"
authorQuanah Gibson-Mount <quanah@openldap.org>
Mon, 22 Jul 2019 03:10:51 +0000 (03:10 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Mon, 22 Jul 2019 03:10:51 +0000 (03:10 +0000)
This reverts commit 6f623dfa1ca65698c19ccc6c058cd170e633384e.

servers/slapd/back-ldap/bind.c
servers/slapd/back-meta/conn.c
servers/slapd/config.c

index 323874379e68bcb342ada37119c55a50945d71f7..3223f39641eeb46d4a89094076cc7a83772fb37e 100644 (file)
@@ -729,7 +729,11 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
                sb = &li->li_tls;
        }
 
-       bindconf_tls_set( sb, ld );
+       if ( sb->sb_tls_do_init ) {
+               bindconf_tls_set( sb, ld );
+       } else if ( sb->sb_tls_ctx ) {
+               ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
+       }
 
        /* if required by the bindconf configuration, force TLS */
        if ( ( sb == &li->li_acl || sb == &li->li_idassert.si_bc ) &&
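Review bot: Both restored branches discard the return value: `bindconf_tls_set( sb, ld )` and `ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx )` can fail, and when they do the connection is still prepared with whatever context the handle already carries, so a misapplied tls_reqcert or protocol setting goes unnoticed here. The same two calls are checked in `slap_client_connect()` in config.c, which logs and aborts on a non-zero result; it would be consistent to capture the result here too, e.g. `rc = bindconf_tls_set( sb, ld );` / `if ( rc ) { Debug( LDAP_DEBUG_ANY, "ldap_back_prepare_conn: TLS setup failed\n", 0, 0, 0 ); ... }` and take the function's existing error path. `ldap_back_prepare_conn()` starts and ends outside this hunk, so the correct error path (and the value of `rs->sr_err` to use) is not visible here.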
index 22cadb7000a1d33ba471fbeeca293f0a2cb9d518..d028b8dd40fcd18675b0c1c348e183540215daa4 100644 (file)
@@ -433,7 +433,11 @@ retry_lock:;
                        sb = &mt->mt_tls;
                }
 
-               bindconf_tls_set( sb, msc->msc_ld );
+               if ( sb->sb_tls_do_init ) {
+                       bindconf_tls_set( sb, msc->msc_ld );
+               } else if ( sb->sb_tls_ctx ) {
+                       ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
+               }
 
                if ( !is_ldaps ) {
                        if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
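Review bot: The result of `bindconf_tls_set( sb, msc->msc_ld )` and of `ldap_set_option( ..., LDAP_OPT_X_TLS_CTX, ... )` is dropped on the restored lines, so a failure to install the configured TLS context is invisible and the code falls through to the StartTLS decision on the next lines with an unconfigured handle. Since `bindconf_tls_set()` returns `res` (see config.c in this same commit), checking it is cheap: `if ( bindconf_tls_set( sb, msc->msc_ld ) ) { /* log and treat as a failed connection */ }`. This hunk sits after the `retry_lock:` label of a function whose start and end are outside the hunk, so where the error should be routed is not visible here.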
index 67c6e335192ebe75dba20197bd3e4e05bcfb1a7e..fd633914ce656a551465290ce0eee29ec3479c3e 100644 (file)
@@ -1864,7 +1864,7 @@ static struct {
 
 int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
 {
-       int i, rc, res = 0;
+       int i, rc, newctx = 0, res = 0;
        char *ptr = (char *)bc, **word;
 
        bc->sb_tls_do_init = 0;
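Review bot: `bc->sb_tls_do_init = 0;` is cleared on entry, before any option has been applied, so a failed run (`res = -1` in the option branches below) still leaves the bindconf marked as initialised; on the next connection the callers in this commit take the `else if ( sb->sb_tls_ctx )` branch and silently reuse whatever context was there, and the configuration error is reported only once. Clearing the flag only on success, e.g. `if ( res == 0 ) bc->sb_tls_do_init = 0;` just before the return, would make a bad setting fail on every attempt instead of once. The end of `bindconf_tls_set()` where that would go is outside this hunk, and whether callers retry after a failure is inferred from the visible branches rather than shown.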
@@ -1878,7 +1878,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
                                        "bindconf_tls_set: failed to set %s to %s\n",
                                                bindtlsopts[i].key, *word, 0 );
                                res = -1;
-                       }
+                       } else
+                               newctx = 1;
                }
        }
        if ( bc->sb_tls_reqcert ) {
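Review bot: The restored `} else` followed by a bare `newctx = 1;` on the next line is unbraced while the `if` arm right above it is braced, and the same shape is repeated in every option branch this commit restores. A braced form, `} else {` / `newctx = 1;` / `}`, keeps the two arms visually symmetric and avoids the classic mistake of a second statement being added under the `else` later. The enclosing `for` loop over `bindtlsopts` begins outside this hunk.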
@@ -1889,7 +1890,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
                                "bindconf_tls_set: failed to set tls_reqcert to %s\n",
                                        bc->sb_tls_reqcert, 0, 0 );
                        res = -1;
-               }
+               } else
+                       newctx = 1;
        }
        if ( bc->sb_tls_protocol_min ) {
                rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
@@ -1899,7 +1901,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
                                "bindconf_tls_set: failed to set tls_protocol_min to %s\n",
                                        bc->sb_tls_protocol_min, 0, 0 );
                        res = -1;
-               }
+               } else
+                       newctx = 1;
        }
 #ifdef HAVE_OPENSSL_CRL
        if ( bc->sb_tls_crlcheck ) {
@@ -1910,15 +1913,17 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
                                "bindconf_tls_set: failed to set tls_crlcheck to %s\n",
                                        bc->sb_tls_crlcheck, 0, 0 );
                        res = -1;
-               }
+               } else
+                       newctx = 1;
        }
 #endif
-       if ( bc->sb_tls_ctx ) {
-               rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, bc->sb_tls_ctx );
-               if ( rc )
-                       res = rc;
-       } else {
+       if ( newctx ) {
                int opt = 0;
+
+               if ( bc->sb_tls_ctx ) {
+                       ldap_pvt_tls_ctx_free( bc->sb_tls_ctx );
+                       bc->sb_tls_ctx = NULL;
+               }
                rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
                if ( rc )
                        res = rc;
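Review bot: In the `newctx` path the old context is freed and `bc->sb_tls_ctx` set to NULL before `LDAP_OPT_X_TLS_NEWCTX` is attempted, so if that call fails the bindconf ends with no context at all and `res` non-zero, while the handles that previously received this context via `LDAP_OPT_X_TLS_CTX` (back-ldap and back-meta in this commit) may still point at it; whether `ldap_set_option` takes its own reference on the context is not visible here and is worth confirming. Creating the replacement first and freeing the old one only on success keeps a usable context around on failure: `rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt ); if ( rc ) res = rc; else if ( bc->sb_tls_ctx ) { ldap_pvt_tls_ctx_free( bc->sb_tls_ctx ); bc->sb_tls_ctx = NULL; }`. The meaning of `int opt = 0;` is not obvious from the hunk; a short comment such as `/* 0: client-side context */` would help if that is what the flag selects. The rest of `bindconf_tls_set()` (including where the new context is read back into `bc->sb_tls_ctx`) lies outside this hunk.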
@@ -1995,7 +2000,14 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb )
        slap_client_keepalive(ld, &sb->sb_keepalive);
 
 #ifdef HAVE_TLS
-       rc = bindconf_tls_set( sb, ld );
+       if ( sb->sb_tls_do_init ) {
+               rc = bindconf_tls_set( sb, ld );
+
+       } else if ( sb->sb_tls_ctx ) {
+               rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX,
+                       sb->sb_tls_ctx );
+       }
+
        if ( rc ) {
                Debug( LDAP_DEBUG_ANY,
                        "slap_client_connect: "
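Review bot: `rc` is assigned only inside the two restored branches, so when `sb->sb_tls_do_init` is 0 and `sb->sb_tls_ctx` is NULL the `if ( rc )` that follows tests whatever value `rc` still holds from the last call before this hunk. That is probably 0 on the success path, but it is a latent dependency on statement order; an explicit `rc = 0;` before the `if`, or an `} else { rc = 0; }` arm, removes the ambiguity and makes the TLS-free case intentional. `slap_client_connect()` begins and ends outside this hunk, so the earlier assignment to `rc` cannot be checked here.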