
Re: bug in libldap/tls.c:ldap_start_tls_s() (ITS#685)



I do not believe this to be a bug.

At 04:47 PM 8/25/00 +0000, acorcoran@vitria.com wrote:
>In libldap/tls.c, the method ldap_start_tls_s() has this statement:
>
>   if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
>      return LDAP_OPERATIONS_ERROR;


This says "If TLS is in place, don't attempt to start it again".

>The statement should be as follows:
>
>   if (ldap_pvt_tls_inplace(lc->lconn_sb) == 0)
>      return LDAP_OPERATIONS_ERROR;

This says "If TLS is not in place, don't attempt to start it".  This
is clearly wrong.

Sending the Start TLS request only makes sense if TLS is not in place
(whether by previous Start TLS request or via ldaps://).
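To make the sense of the guard concrete, here is an added example that is not part of this thread or of libldap: a small model of a connection whose sockbuf records whether a TLS layer is already installed, with a start_tls() that keeps the check as shipped and a start_tls_inverted() that applies the change proposed in the report. The struct names, open_conn(), tls_inplace() and tls_negotiate() are stand-ins invented for the example; the result-code values match ldap.h but are defined locally so it builds without the OpenLDAP headers.

```c
#include <stdbool.h>
#include <stdio.h>

/* Same values as LDAP_SUCCESS / LDAP_OPERATIONS_ERROR in ldap.h, defined
 * locally so this example compiles stand-alone. */
#define LDAP_SUCCESS          0x00
#define LDAP_OPERATIONS_ERROR 0x01

/* Hypothetical stand-in for the per-connection sockbuf: the only state
 * this example needs is whether a TLS layer is already on the socket. */
struct sockbuf {
    bool tls_in_place;
};

struct conn {
    struct sockbuf sb;
};

/* Plays the role of ldap_pvt_tls_inplace(): non-zero when TLS is active. */
static int tls_inplace(const struct sockbuf *sb)
{
    return sb->tls_in_place ? 1 : 0;
}

/* Hypothetical stand-in for the handshake; assumed to always succeed. */
static int tls_negotiate(struct sockbuf *sb)
{
    sb->tls_in_place = true;
    return LDAP_SUCCESS;
}

/* Guard as in libldap's ldap_start_tls_s(): a Start TLS request on a
 * connection that already has TLS is refused with operationsError. */
int start_tls(struct conn *c)
{
    if (tls_inplace(&c->sb) != 0)
        return LDAP_OPERATIONS_ERROR;
    return tls_negotiate(&c->sb);
}

/* The inverted guard proposed in the report, kept only for comparison:
 * it refuses exactly the case in which Start TLS is needed. */
int start_tls_inverted(struct conn *c)
{
    if (tls_inplace(&c->sb) == 0)
        return LDAP_OPERATIONS_ERROR;
    return tls_negotiate(&c->sb);
}

/* ldap:// starts without TLS; ldaps:// has TLS from the first byte. */
struct conn open_conn(bool ldaps)
{
    struct conn c;
    c.sb.tls_in_place = ldaps;
    return c;
}

int main(void)
{
    struct conn plain = open_conn(false);
    printf("first Start TLS on ldap://:  %d\n", start_tls(&plain));  /* 0 */
    printf("second Start TLS on ldap://: %d\n", start_tls(&plain));  /* 1 */

    struct conn secure = open_conn(true);
    printf("Start TLS on ldaps://:       %d\n", start_tls(&secure)); /* 1 */

    struct conn plain2 = open_conn(false);
    printf("inverted guard on ldap://:   %d\n", start_tls_inverted(&plain2)); /* 1 */
    return 0;
}
```

With the check as shipped, the first Start TLS on a plain connection succeeds, a second one is refused, and a Start TLS on an ldaps:// connection is refused; with the inverted check a plain connection can never upgrade to TLS at all.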