From: Howard Chu <hyc@openldap.org>
Date: Fri, 9 Apr 2021 18:29:11 +0000 (+0100)
Subject: ITS#9518 fix prev commit
X-Git-Tag: OPENLDAP_REL_ENG_2_5_4~7^2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0dcf4c4d72a8c0e2b88c1a2f0a800d6076ad98e;p=thirdparty%2Fopenldap.git

ITS#9518 fix prev commit
---

diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index cbcbc1ae3d..4dacecbfed 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -315,8 +315,7 @@ struct ldapoptions {
 	int			ldo_tls_require_san;
 	char		*ldo_tls_pin_hashalg;
 	struct berval	ldo_tls_pin;
-#define LDAP_LDO_TLS_NULLARG ,0,0,0,{0,0,0,0,0,0,0,0,0,\
-	LDAP_OPT_X_TLS_PROTOCOL(0,0), LDAP_OPT_X_TLS_PROTOCOL(255,255)},0,0,0,0,0,0,{0,0}
+#define LDAP_LDO_TLS_NULLARG ,0,0,0,{0,0,0,0,0,0,0,0,0},0,0,0,0,0,0,{0,0}
 #else
 #define LDAP_LDO_TLS_NULLARG
 #endif
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 10351379e7..bbf1f9156e 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -363,7 +363,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		if ( opt )
 			SSL_CTX_set_options( ctx, opt );
 	}
-	{
+	if ( lo->ldo_tls_protocol_max ) {
 		int opt = 0;
 #ifdef SSL_OP_NO_TLSv1_3
 		if ( lo->ldo_tls_protocol_max < LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 )