From e0dcf4c4d72a8c0e2b88c1a2f0a800d6076ad98e Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Fri, 9 Apr 2021 19:29:11 +0100
Subject: [PATCH] ITS#9518 fix prev commit

---
 libraries/libldap/ldap-int.h | 3 +--
 libraries/libldap/tls_o.c    | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index cbcbc1ae3d..4dacecbfed 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -315,8 +315,7 @@ struct ldapoptions {
 	int			ldo_tls_require_san;
 	char		*ldo_tls_pin_hashalg;
 	struct berval	ldo_tls_pin;
-#define LDAP_LDO_TLS_NULLARG ,0,0,0,{0,0,0,0,0,0,0,0,0,\
-	LDAP_OPT_X_TLS_PROTOCOL(0,0), LDAP_OPT_X_TLS_PROTOCOL(255,255)},0,0,0,0,0,0,{0,0}
+#define LDAP_LDO_TLS_NULLARG ,0,0,0,{0,0,0,0,0,0,0,0,0},0,0,0,0,0,0,{0,0}
 #else
 #define LDAP_LDO_TLS_NULLARG
 #endif
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 10351379e7..bbf1f9156e 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -363,7 +363,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		if ( opt )
 			SSL_CTX_set_options( ctx, opt );
 	}
-	{
+	if ( lo->ldo_tls_protocol_max ) {
 		int opt = 0;
 #ifdef SSL_OP_NO_TLSv1_3
 		if ( lo->ldo_tls_protocol_max < LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 )
-- 
2.47.3