
Re: (ITS#8427) Incorrect value of tls_reqcert in syncrepl



Proposed patch:

diff -ru servers/slapd.orig/config.c servers/slapd/config.c
--- servers/slapd.orig/config.c    2016-05-16 16:49:08.000000000 -0500
+++ servers/slapd/config.c    2016-05-19 20:28:54.002163670 -0500
@@ -1864,7 +1864,7 @@

 int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
 {
-    int i, rc, newctx = 0, res = 0;
+    int i, rc, res = 0;
     char *ptr = (char *)bc, **word;

     bc->sb_tls_do_init = 0;
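Review bot: With the callers in this patch now invoking bindconf_tls_set unconditionally, the context line `bc->sb_tls_do_init = 0;` looks like the only remaining use of sb_tls_do_init in the patch; the three `if ( sb->sb_tls_do_init )` tests in the callers are all removed. If nothing else reads the flag, this write and the flag itself are dead state that could be dropped in a follow-up; if something does still consume it, a short comment here naming that consumer would save the next reader from checking. bindconf_tls_set continues past the end of this hunk.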
@@ -1878,8 +1878,7 @@
                     "bindconf_tls_set: failed to set %s to %s\n",
                         bindtlsopts[i].key, *word, 0 );
                 res = -1;
-            } else
-                newctx = 1;
+            }
         }
     }
     if ( bc->sb_tls_reqcert ) {
@@ -1890,8 +1889,7 @@
                 "bindconf_tls_set: failed to set tls_reqcert to %s\n",
                     bc->sb_tls_reqcert, 0, 0 );
             res = -1;
-        } else
-            newctx = 1;
+        }
     }
     if ( bc->sb_tls_protocol_min ) {
         rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
@@ -1901,8 +1899,7 @@
                 "bindconf_tls_set: failed to set tls_protocol_min to %s\n",
                     bc->sb_tls_protocol_min, 0, 0 );
             res = -1;
-        } else
-            newctx = 1;
+        }
     }
 #ifdef HAVE_OPENSSL_CRL
     if ( bc->sb_tls_crlcheck ) {
@@ -1913,17 +1910,15 @@
                 "bindconf_tls_set: failed to set tls_crlcheck to %s\n",
                     bc->sb_tls_crlcheck, 0, 0 );
             res = -1;
-        } else
-            newctx = 1;
+        }
     }
 #endif
-    if ( newctx ) {
+    if ( bc->sb_tls_ctx ) {
+        rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, bc->sb_tls_ctx );
+        if ( rc )
+            res = rc;
+    } else {
         int opt = 0;
-
-        if ( bc->sb_tls_ctx ) {
-            ldap_pvt_tls_ctx_free( bc->sb_tls_ctx );
-            bc->sb_tls_ctx = NULL;
-        }
         rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
         if ( rc )
             res = rc;
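Review bot: The new `if ( bc->sb_tls_ctx )` branch reuses an existing context unchanged, while the options applied just above it (tls_reqcert, tls_protocol_min, tls_crlcheck) only go through ldap_pvt_tls_config on the ld; the removed `newctx` logic freed and rebuilt the context whenever one of those options was (re)applied. If the context's verify mode and protocol floor are fixed at LDAP_OPT_X_TLS_NEWCTX time, a bindconf whose TLS settings change after its first connection (for example through a cn=config modify) keeps the policy of the original context, unless some path not visible in this patch resets `sb_tls_ctx` to NULL on such a change. Either that reset should be confirmed or the branch should still rebuild the context when an option was re-applied. At minimum a comment on the new branch, such as `/* reuse ctx built on first connect; the ld-level options above do not rebuild it */`, would record the intent. bindconf_tls_set continues past the end of this hunk.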
@@ -2000,14 +1995,7 @@
     slap_client_keepalive(ld, &sb->sb_keepalive);

 #ifdef HAVE_TLS
-    if ( sb->sb_tls_do_init ) {
-        rc = bindconf_tls_set( sb, ld );
-
-    } else if ( sb->sb_tls_ctx ) {
-        rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX,
-            sb->sb_tls_ctx );
-    }
-
+    rc = bindconf_tls_set( sb, ld );
     if ( rc ) {
         Debug( LDAP_DEBUG_ANY,
             "slap_client_connect: "
diff -ru servers/slapd.orig/back-ldap/bind.c servers/slapd/back-ldap/bind.c
--- servers/slapd.orig/back-ldap/bind.c 2016-05-16 16:49:07.000000000 -0500
+++ servers/slapd/back-ldap/bind.c  2016-05-19 19:41:35.654431746 -0500
@@ -735,11 +735,7 @@
        sb = &li->li_tls;
    }

-   if ( sb->sb_tls_do_init ) {
-       bindconf_tls_set( sb, ld );
-   } else if ( sb->sb_tls_ctx ) {
-       ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
-   }
+   bindconf_tls_set( sb, ld );

    /* if required by the bindconf configuration, force TLS */
    if ( ( sb == &li->li_acl || sb == &li->li_idassert.si_bc ) &&
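Review bot: The return value of `bindconf_tls_set( sb, ld );` is dropped here, as it is in the matching hunks of back-meta/conn.c and back-asyncmeta/conn.c, whereas slap_client_connect in config.c checks it and logs the failure. bindconf_tls_set reports nonzero when a TLS option or the context could not be applied to the handle, so a failed setup proceeds silently to the bind with whatever TLS settings the ld ended up with, and now that the call is unconditional every connection takes this path. A check in the file's existing Debug style, e.g. `if ( bindconf_tls_set( sb, ld ) ) { Debug( LDAP_DEBUG_ANY, "bindconf_tls_set failed\n", 0, 0, 0 ); }`, would at least make such failures visible and lets the caller decide whether to refuse the connection. The enclosing function starts and ends outside this hunk.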
diff -ru servers/slapd.orig/back-meta/conn.c servers/slapd/back-meta/conn.c
--- servers/slapd.orig/back-meta/conn.c 2016-05-16 16:49:07.000000000 -0500
+++ servers/slapd/back-meta/conn.c  2016-05-19 19:42:33.365580781 -0500
@@ -433,11 +433,7 @@
            sb = &mt->mt_tls;
        }

-       if ( sb->sb_tls_do_init ) {
-           bindconf_tls_set( sb, msc->msc_ld );
-       } else if ( sb->sb_tls_ctx ) {
-           ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
-       }
+       bindconf_tls_set( sb, msc->msc_ld );

        if ( !is_ldaps ) {
            if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
diff -ru servers/slapd.orig/back-asyncmeta/conn.c
servers/slapd/back-asyncmeta/conn.c
--- servers/slapd.orig/back-asyncmeta/conn.c    2016-05-16
16:49:07.000000000 -0500
+++ servers/slapd/back-asyncmeta/conn.c 2016-05-19 19:43:24.164354246 -0500
@@ -277,11 +277,7 @@
            sb = &mt->mt_tls;
        }

-       if ( sb->sb_tls_do_init ) {
-           bindconf_tls_set( sb, msc->msc_ld );
-       } else if ( sb->sb_tls_ctx ) {
-           ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
-       }
+       bindconf_tls_set( sb, msc->msc_ld );

        if ( !is_ldaps ) {
            if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {

-------- END OF PATCH