[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8427) Incorrect value of tls_reqcert in syncrepl



Howard, thanks for the reply. I just noticed a small error in what I
wrote, the corrected fragment should be: "This was because
sb->sb_tls_do_init was FALSE and bindconf_tls_set(sb, ld) was not
called."

I also would like to add that my patch changes the semantics of
bindconf_tls_set, in regard of how TLS context is set, and that this
is deliberate. I think that previous semantics was unclear and
bug-prone, and that the new one is not only more straightforward, but
also matches better the way bindconf_tls_set is used. As a result both
bindconf_tls_set code and the code around its invocations is
simplified. However, I was focused on its usage in slap_client_connect
(because this is what was causing me problems), and I did not put much
attention into other three places where bindconf_tls_set is called.
All of those code fragments were basically identical, so I modified
them the same way, but I think someone should review these
modifications to see if they make sense. I originally intended to
limit the impact of my patch to slap_client_connect, and to keep the
changes inside config.c file. However, this resulted in making bad
code worse, even less clear and manageable.