From 7f20e4eb4aefb84fd4865f47a0b3f0d04187fbff Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 16 Sep 2009 20:32:34 +1200
Subject: [PATCH] Author: Henrik Nordstrom <hno@squid-cache.org> Bug 2510:
 digest_ldap_auth uses incorrect logic with TLS

---
 helpers/digest_auth/ldap/ldap_backend.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/helpers/digest_auth/ldap/ldap_backend.c b/helpers/digest_auth/ldap/ldap_backend.c
index 0e4a9fecda..47b440829c 100644
--- a/helpers/digest_auth/ldap/ldap_backend.c
+++ b/helpers/digest_auth/ldap/ldap_backend.c
@@ -361,10 +361,12 @@ ldapconnect(void)
         }
         if (use_tls) {
 #ifdef LDAP_OPT_X_TLS
-            if ((version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
+            if (version != LDAP_VERSION3) {
+                fprintf(stderr, "TLS requires LDAP version 3\n");
+                exit(1);
+            } else if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
                 fprintf(stderr, "Could not Activate TLS connection\n");
-                ldap_unbind(ld);
-                ld = NULL;
+                exit(1);
             }
 #else
             fprintf(stderr, "TLS not supported with your LDAP library\n");
-- 
2.47.3