From 98a0029daeb8aaa7bc58428ad3f94eface7f997b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
Date: Mon, 12 Oct 2020 11:09:03 +0100
Subject: [PATCH] ITS#9366 Check ldap_install_tls return and remove connection
 if failed

---
 servers/slapd/back-asyncmeta/conn.c | 4 +++-
 servers/slapd/back-meta/conn.c      | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/servers/slapd/back-asyncmeta/conn.c b/servers/slapd/back-asyncmeta/conn.c
index 2810127631..62797b8cd2 100644
--- a/servers/slapd/back-asyncmeta/conn.c
+++ b/servers/slapd/back-asyncmeta/conn.c
@@ -303,7 +303,7 @@ retry:;
 					 * using it instead of the
 					 * configured URI? */
 					if ( rs->sr_err == LDAP_SUCCESS ) {
-						ldap_install_tls( msc->msc_ld );
+						rs->sr_err = ldap_install_tls( msc->msc_ld );
 
 					} else if ( rs->sr_err == LDAP_REFERRAL ) {
 						/* FIXME: LDAP_OPERATIONS_ERROR? */
@@ -352,6 +352,8 @@ retry:;
 				(void *)msc->msc_ld );
 #endif /* DEBUG_205 */
 
+			/* need to trash a failed Start TLS */
+			asyncmeta_clear_one_msc( op, mc, candidate, 1, __FUNCTION__ );
 			goto error_return;
 		}
 	}
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index df7681d0b7..c704c0eba4 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -508,7 +508,7 @@ retry:;
 					 * using it instead of the 
 					 * configured URI? */
 					if ( rs->sr_err == LDAP_SUCCESS ) {
-						ldap_install_tls( msc->msc_ld );
+						rs->sr_err = ldap_install_tls( msc->msc_ld );
 
 					} else if ( rs->sr_err == LDAP_REFERRAL ) {
 						/* FIXME: LDAP_OPERATIONS_ERROR? */
-- 
2.47.3