From: Howard Chu
Date: Sun, 21 Mar 2021 15:25:56 +0000 (+0000)
Subject: ITS#7295 don't init TLS threads by default
X-Git-Tag: OPENLDAP_REL_ENG_2_5_3BETA~3^2~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb6844e296daff99658802c2e7d7330245f8a293;p=thirdparty%2Fopenldap.git
ITS#7295 don't init TLS threads by default
Do it explicitly in servers
---
diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h
index 9d9d697ce7..b05d452bcc 100644
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@@ -426,7 +426,7 @@ LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldap *ld, int option, void *arg ));
 LDAP_F (void) ldap_pvt_tls_destroy LDAP_P(( void ));
-LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
+LDAP_F (int) ldap_pvt_tls_init LDAP_P(( int do_threads ));
 LDAP_F (int) ldap_pvt_tls_init_def_ctx LDAP_P(( int is_server ));
 LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
 LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld, Sockbuf *sb, const char *host ));
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index fcf0da307a..539fbfa8fb 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -165,7 +165,7 @@ ldap_pvt_tls_destroy( void )
 * Called once per implementation.
 */
 static int
-tls_init(tls_impl *impl )
+tls_init(tls_impl *impl, int do_threads )
 {
 static int tls_initialized = 0;
@@ -177,9 +177,12 @@ tls_init(tls_impl *impl )
 if ( impl->ti_inited++ ) return 0;
+ if ( do_threads ) {
 #ifdef LDAP_R_COMPILE
- impl->ti_thr_init();
+ impl->ti_thr_init();
 #endif
+ }
+
 return impl->ti_tls_init();
 }
@@ -187,9 +190,9 @@ tls_init(tls_impl *impl )
 * Initialize TLS subsystem. Called once per implementation.
 */
 int
-ldap_pvt_tls_init( void )
+ldap_pvt_tls_init( int do_threads )
 {
- return tls_init( tls_imp );
+ return tls_init( tls_imp, do_threads );
 }
 /*
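Review bot: The new `do_threads` parameter of `ldap_pvt_tls_init` is not described at its declaration in include/ldap_pvt.h, and the comment on the definition in libraries/libldap/tls2.c still reads only "Initialize TLS subsystem. Called once per implementation." I would add above the prototype `/* do_threads != 0: also run the TLS implementation's thread setup hook (ti_thr_init); servers pass 1, library-internal callers pass 0 */`. The symbol is exported through `LDAP_F`, so any caller outside this tree that is still built against the old `( void )` prototype would, if one exists, pass an indeterminate value for the flag; the signature change deserves a mention wherever interface changes are recorded.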
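Review bot: In `tls_init`, the added `if ( do_threads )` block sits after the existing `if ( impl->ti_inited++ ) return 0;`, so the flag is honoured only on the first call for a given implementation. The library-internal calls in `ldap_int_tls_init_ctx` and `ldap_int_tls_start` now always pass 0; if either runs before the server's `ldap_pvt_tls_init( 1 )` in slapd or lloadd, that later call returns 0 without ever running `ti_thr_init()` and the server gets no indication that thread setup was skipped. Whether that ordering can occur depends on what the two `main()` functions do before their call, which is outside these hunks. At minimum the contract belongs in the function comment, e.g. `/* do_threads is honoured only on the first call per implementation */`; a stronger fix would record whether thread setup ran and return an error when a later caller requests it too late. The body of `tls_init` starts above this hunk.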
@@ -205,7 +208,7 @@ ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server )
 if ( lo->ldo_tls_ctx ) return 0;
- tls_init( ti );
+ tls_init( ti, 0 );
 if ( is_server && !lts.lt_certfile && !lts.lt_keyfile && !lts.lt_cacertfile && !lts.lt_cacertdir &&
@@ -1102,7 +1105,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 host = "localhost";
 }
- (void) tls_init( tls_imp );
+ (void) tls_init( tls_imp, 0 );
 /*
 * Use non-blocking io during SSL Handshake when a timeout is configured
diff --git a/servers/lloadd/main.c b/servers/lloadd/main.c
index 4c80f5860b..4412523682 100644
--- a/servers/lloadd/main.c
+++ b/servers/lloadd/main.c
@@ -707,7 +707,7 @@ unhandled_option:;
 }
 #ifdef HAVE_TLS
- rc = ldap_pvt_tls_init();
+ rc = ldap_pvt_tls_init( 1 );
 if ( rc != 0 ) {
 Debug( LDAP_DEBUG_ANY, "main: " "TLS init failed: %d\n",
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 8af74e8043..a5867350bc 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -858,7 +858,7 @@ unhandled_option:;
 }
 #ifdef HAVE_TLS
- rc = ldap_pvt_tls_init();
+ rc = ldap_pvt_tls_init( 1 );
 if( rc != 0) {
 Debug( LDAP_DEBUG_ANY, "main: TLS init failed: %d\n",
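Review bot: `tls_init( ti, 0 );` in `ldap_int_tls_init_ctx` discards the return value, so a failing `ti_tls_init()` does not stop the function from continuing past the call; the call in `ldap_int_tls_start` has the same gap, though it at least marks the discard with `(void)`. Because `tls_init` returns 0 on every call after the first (the `ti_inited++` guard in the earlier tls2.c hunk), the first call is the only chance to see an initialisation failure. I would propagate it, e.g. `if ( tls_init( ti, 0 ) ) return -1;`, with the error value adjusted to whatever the rest of the function returns, which is not visible here. Both functions begin and end outside their hunks.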