[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8957)

To: openldap-its@OpenLDAP.org
Subject: (ITS#8957)
From: vsmith@interlinknetworks.com
Date: Tue, 29 Jan 2019 16:51:29 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

I reviewed some of the initial discussion about this same issue which 
lead to this fix in version 2.4.26, "Fixed libldap ASYNC TLS setup 
(ITS#6828)", and looked at the code that Ian Puleston suggested should 
be fixed in ldap_int_open_connection. This routine does have the code to 
do what was need for TSL to work but was not called since it received an 
error code of -2 not 0. The -2 simply indicated that this was an 
asynchronous call. I changed the test to call the TSL setup if the 
return code was either 0 or -2. This fixes my issue. Here is my patch.

--- openldap-2.4.47/libraries/libldap/open.cÂ Â Â  2018-12-19 
10:57:06.000000000 -0500
+++ openldap-2.4.47.mod/libraries/libldap/open.cÂ Â Â  2019-01-26 
18:24:48.000000000 -0500
@@ -440,7 +440,7 @@
 Â #endif

 Â #ifdef HAVE_TLS
-Â Â Â  if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+Â Â Â  if ((rc == 0 || rc == -2) && ( ld->ld_options.ldo_tls_mode == 
LDAP_OPT_X_TLS_HARD ||
 Â Â Â Â  Â Â Â  strcmp( srv->lud_scheme, "ldaps" ) == 0 ))
 Â Â Â Â  {
 Â Â Â Â  Â Â Â  ++conn->lconn_refcnt;Â Â Â  /* avoid premature free */

Thanks,
Vernon

Prev by Date: (ITS#8965) ldap proxy segmentation fault
Next by Date: Re: (ITS#8957)
Index(es):
- Chronological
- Thread