[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#8957)
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font face="Calibri">I reviewed some of the initial discussion
about this same issue which lead to this fix in version 2.4.26,
"</font>Fixed libldap ASYNC TLS setup (ITS#6828)", and looked at
the code that Ian Puleston suggested should be fixed in
ldap_int_open_connection. This routine does have the code to do
what was need for TSL to work but was not called since it received
an error code of -2 not 0. The -2 simply indicated that this was
an asynchronous call. I changed the test to call the TSL setup if
the return code was either 0 or -2. This fixes my issue. Here is
my patch.</p>
<p>--- openldap-2.4.47/libraries/libldap/open.c   2018-12-19
10:57:06.000000000 -0500<br>
+++ openldap-2.4.47.mod/libraries/libldap/open.c   2019-01-26
18:24:48.000000000 -0500<br>
@@ -440,7 +440,7 @@<br>
 #endif<br>
 <br>
 #ifdef HAVE_TLS<br>
-Â Â Â if (rc == 0 && ( ld->ld_options.ldo_tls_mode ==
LDAP_OPT_X_TLS_HARD ||<br>
+Â Â Â if ((rc == 0 || rc == -2) && (
ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||<br>
       strcmp( srv->lud_scheme, "ldaps" ) == 0 ))<br>
    {<br>
       ++conn->lconn_refcnt;   /* avoid premature free */<br>
</p>
<p><font face="Arial,Verdana,Helvetica">Thanks,<br>
Vern</font><br>
<font face="Arial,Verdana,Helvetica"></font></p>
</body>
</html>