From: Howard Chu <hyc@openldap.org>
Date: Tue, 22 Apr 2025 16:22:59 +0000 (+0100)
Subject: ITS#10326 mbedtls: always call mbedtls_ssl_set_hostname()
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=10456f585054b701b32b2190b93ab3687c1e4ca4;p=thirdparty%2Fopenldap.git

ITS#10326 mbedtls: always call mbedtls_ssl_set_hostname()

Even if hostname is NULL, the library requires this be called once.
If non-NULL, mbedtls may do a hostname check which is redundant
since libldap does its own check.
---

diff --git a/libraries/libldap/tls_mt.c b/libraries/libldap/tls_mt.c
index 908d84058c..a92c300ade 100644
--- a/libraries/libldap/tls_mt.c
+++ b/libraries/libldap/tls_mt.c
@@ -380,11 +380,9 @@ static int
 tlsmt_session_connect( LDAP *ld, tls_session *sess, const char *name_in )
 {
 	tlsmt_session *s = (tlsmt_session *)sess;
-	if (name_in) {
-		int ret = mbedtls_ssl_set_hostname( &(s->ssl_ctx), name_in );
-		if ( ret != 0 ) {
-			return ret;
-		}
+	int ret = mbedtls_ssl_set_hostname( &(s->ssl_ctx), name_in );
+	if ( ret != 0 ) {
+		return ret;
 	}
 
 	return tlsmt_session_accept(sess);