From 10456f585054b701b32b2190b93ab3687c1e4ca4 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Tue, 22 Apr 2025 17:22:59 +0100
Subject: [PATCH] ITS#10326 mbedtls: always call mbedtls_ssl_set_hostname()

Even if hostname is NULL, the library requires this be called once. If non-NULL, mbedtls may do a hostname check which is redundant since libldap does its own check.
---
 libraries/libldap/tls_mt.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/libraries/libldap/tls_mt.c b/libraries/libldap/tls_mt.c
index 908d84058c..a92c300ade 100644
--- a/libraries/libldap/tls_mt.c
+++ b/libraries/libldap/tls_mt.c
@@ -380,11 +380,9 @@ static int
 tlsmt_session_connect( LDAP *ld, tls_session *sess, const char *name_in )
 {
 tlsmt_session *s = (tlsmt_session *)sess;
- if (name_in) {
- int ret = mbedtls_ssl_set_hostname( &(s->ssl_ctx), name_in );
- if ( ret != 0 ) {
- return ret;
- }
+ int ret = mbedtls_ssl_set_hostname( &(s->ssl_ctx), name_in );
+ if ( ret != 0 ) {
+ return ret;
 }

 return tlsmt_session_accept(sess);
-- 
2.47.3
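Review bot: The now-unconditional `mbedtls_ssl_set_hostname( &(s->ssl_ctx), name_in )` call in tlsmt_session_connect carries no comment saying that a NULL `name_in` is passed on purpose, so the security rationale lives only in the commit message. With a NULL name Mbed TLS has no expected name to compare the peer certificate against, so name verification rests entirely on the libldap hostname check the description refers to. A later reader could restore the `if (name_in)` guard, or assume the library is validating the name. I would add above the call: `/* Must be called once per session even when name_in is NULL; mbedtls then does no name check of its own and libldap's hostname check is authoritative. */`. The function's closing brace and its callers are outside the hunk, so it cannot be confirmed from here that every path reaching the handshake with a NULL name goes on to run that libldap check.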