Bug #1389: LDAP helpers does not wotk with TLS (-Z option)

diff --git a/helpers/basic_auth/LDAP/squid_ldap_auth.c b/helpers/basic_auth/LDAP/squid_ldap_auth.c
index 263a97021c06e8624323ed3ec4879b5cb5607753..8e1a32aebb285c50186136e6be37117e495c79d4 100644 (file)
--- a/helpers/basic_auth/LDAP/squid_ldap_auth.c
+++ b/helpers/basic_auth/LDAP/squid_ldap_auth.c
@@ -293,12 +293,12 @@ open_ldap_connection(const char *ldapServer, int port)
     }
     if (use_tls) {
 #ifdef LDAP_OPT_X_TLS
-        if (version == LDAP_VERSION3 && ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
-           fprintf(stderr, "Could not Activate TLS connection\n");
-           exit(1);
-       } else {
+        if (version != LDAP_VERSION3) {
            fprintf(stderr, "TLS requires LDAP version 3\n");
            exit(1);
+       } else if(ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
+           fprintf(stderr, "Could not Activate TLS connection\n");
+           exit(1);
        }
 #else
        fprintf(stderr, "TLS not supported with your LDAP library\n");

diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.c b/helpers/external_acl/ldap_group/squid_ldap_group.c
index d5209438b02b50d6fb291fa663b96c23f4ef88e2..92baedd8933f37287f375cbfb7cd40334a02fe95 100644 (file)
--- a/helpers/external_acl/ldap_group/squid_ldap_group.c
+++ b/helpers/external_acl/ldap_group/squid_ldap_group.c
@@ -528,14 +528,14 @@ main(int argc, char **argv)
                }
                if (use_tls) {
 #ifdef LDAP_OPT_X_TLS
-                   if (version == LDAP_VERSION3 && ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
+                   if (version != LDAP_VERSION3) {
+                       fprintf(stderr, "TLS requires LDAP version 3\n");
+                       exit(1);
+                   } else if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
                        fprintf(stderr, "Could not Activate TLS connection\n");
                        ldap_unbind(ld);
                        ld = NULL;
                        break;
-                   } else {
-                       fprintf(stderr, "TLS requires LDAP version 3\n");
-                       exit(1);
                    }
 #else
                    fprintf(stderr, "TLS not supported with your LDAP library\n");