From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Mon, 12 Oct 2020 10:09:03 +0000 (+0100)
Subject: ITS#9366 Check ldap_install_tls return and remove connection if failed
X-Git-Tag: OPENLDAP_REL_ENG_2_5_1ALPHA~18^2~239
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=98a0029daeb8aaa7bc58428ad3f94eface7f997b;p=thirdparty%2Fopenldap.git

ITS#9366 Check ldap_install_tls return and remove connection if failed
---

diff --git a/servers/slapd/back-asyncmeta/conn.c b/servers/slapd/back-asyncmeta/conn.c
index 2810127631..62797b8cd2 100644
--- a/servers/slapd/back-asyncmeta/conn.c
+++ b/servers/slapd/back-asyncmeta/conn.c
@@ -303,7 +303,7 @@ retry:;
 					 * using it instead of the
 					 * configured URI? */
 					if ( rs->sr_err == LDAP_SUCCESS ) {
-						ldap_install_tls( msc->msc_ld );
+						rs->sr_err = ldap_install_tls( msc->msc_ld );
 
 					} else if ( rs->sr_err == LDAP_REFERRAL ) {
 						/* FIXME: LDAP_OPERATIONS_ERROR? */
@@ -352,6 +352,8 @@ retry:;
 				(void *)msc->msc_ld );
 #endif /* DEBUG_205 */
 
+			/* need to trash a failed Start TLS */
+			asyncmeta_clear_one_msc( op, mc, candidate, 1, __FUNCTION__ );
 			goto error_return;
 		}
 	}
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index df7681d0b7..c704c0eba4 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -508,7 +508,7 @@ retry:;
 					 * using it instead of the 
 					 * configured URI? */
 					if ( rs->sr_err == LDAP_SUCCESS ) {
-						ldap_install_tls( msc->msc_ld );
+						rs->sr_err = ldap_install_tls( msc->msc_ld );
 
 					} else if ( rs->sr_err == LDAP_REFERRAL ) {
 						/* FIXME: LDAP_OPERATIONS_ERROR? */