From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 2 Oct 2009 08:06:26 +0000 (+1300)
Subject: Author: Henrik Nordstrom <hno@squid-cache.org>
X-Git-Tag: SQUID_3_0_STABLE20~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c88e7602fc295a315418cb5dd05e37bc9555d975;p=thirdparty%2Fsquid.git

Author: Henrik Nordstrom <hno@squid-cache.org>
Bug 2510: digest_ldap_auth uses incorrect logic with TLS
---

diff --git a/helpers/digest_auth/ldap/ldap_backend.c b/helpers/digest_auth/ldap/ldap_backend.c
index 4594a610ec..320f397117 100644
--- a/helpers/digest_auth/ldap/ldap_backend.c
+++ b/helpers/digest_auth/ldap/ldap_backend.c
@@ -361,11 +361,11 @@ ldapconnect(void)
 	}
 	if (use_tls) {
 #ifdef LDAP_OPT_X_TLS
-	    if ((version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
-		fprintf(stderr, "Could not Activate TLS connection\n");
-		ldap_unbind(ld);
-		ld = NULL;
-	    }
+            if (version != LDAP_VERSION3) {
+                fprintf(stderr, "TLS requires LDAP version 3\n");
+                exit(1);
+            } else if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
+                exit(1);
 #else
 	    fprintf(stderr, "TLS not supported with your LDAP library\n");
 	    ldap_unbind(ld);