
bugs with ldaps:// URIs



I ran into multiple SEGVs trying to connect to ldaps URIs with the HEAD
code.
Here's a set of diffs I used to keep it from crashing. Does it look OK to
commit?

Note: lc->lconn_server is set "for real" at the bottom of the loop, this is
just a quickie to make ldap_int_tls_start happy.
Index: request.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/request.c,v
retrieving revision 1.73
diff -u -r1.73 request.c
--- request.c   2001/06/25 05:33:42     1.73
+++ request.c   2001/08/20 23:57:45
@@ -255,6 +255,7 @@

        if ( connect ) {
                for ( srv = srvlist; srv != NULL; srv = srv->lud_next ) {
+                       lc->lconn_server = srv;
                        if ( ldap_int_open_connection( ld, lc, srv, 0 )
!= -1 )
{
                                break;
                        }
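Review bot: The added `lc->lconn_server = srv;` leaves the connection holding a borrowed pointer into `srvlist`, and after the last failed attempt it still points at the final list entry. The failure path after the loop is outside the hunk, so it should be confirmed that nothing there, or in any cleanup that frees `lc`, treats `lconn_server` as owned and releases it. A comment on the added line would record the intent that is currently only in the mail, for example `/* borrowed from srvlist so the TLS start path has a host; replaced with the real value after the loop */`. Clearing the field with `lc->lconn_server = NULL;` when the open call fails would avoid a stale alias. The enclosing function starts and ends outside the hunk.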

I removed the check of tls_opt_trace because it should be sufficient to set
it once in the SSL_CTX structure. Also, omitting the second check allows
other
apps to override the info_callback for their own purposes. It's a completely
unrelated change, not relevant to preventing the SEGVs.
Index: tls.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/tls.c,v
retrieving revision 1.47
diff -u -r1.47 tls.c
--- tls.c       2001/08/02 02:20:11     1.47
+++ tls.c       2001/08/20 23:57:46
@@ -261,9 +261,11 @@
                return NULL;
        }

+#if 0
        if ( tls_opt_trace ) {
                SSL_set_info_callback( ssl, tls_info_cb );
        }
+#endif
        return ssl;
 }
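Review bot: The `#if 0` / `#endif` pair leaves the per-handle `SSL_set_info_callback` call in the file as dead code with no explanation. Either delete the three lines or add a comment such as `/* info callback is installed once on the SSL_CTX; not set per handle so applications can install their own */`, which is the reasoning given in the description. The description calls this change unrelated to the crash fix, so it would be easier to review and revert as a separate commit. The function these lines belong to starts above the hunk.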

@@ -557,7 +559,7 @@
 ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 {
        Sockbuf *sb = conn->lconn_sb;
-       void *ctx = ld->ld_defconn->lconn_tls_ctx;
+       void *ctx =
ld->ld_defconn?ld->ld_defconn->lconn_tls_ctx:tls_def_ctx;

        int     err;
        SSL     *ssl;
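Review bot: The NULL-safe lookup `ld->ld_defconn?ld->ld_defconn->lconn_tls_ctx:tls_def_ctx` is written out twice, here and again in the hunk at line 959, so any later change to the fallback rule has to be made in both places. A small file-local helper (for instance `static void *tls_ctx_for( LDAP *ld )`, name constructed for illustration) would keep the two in step. Spacing the operators as `ld->ld_defconn ? ... : tls_def_ctx` would match the surrounding style. `ctx` can still be NULL after this line if the default connection has no context or `tls_def_ctx` has not been created yet. Whether the code that consumes `ctx` handles that case is outside the hunk.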
@@ -574,6 +576,8 @@
 #endif
                ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_tls,
                        LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+               if (!ctx)
+                       conn->lconn_tls_ctx = tls_def_ctx;
        }

        err = SSL_connect( ssl );
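Review bot: The added `if (!ctx) conn->lconn_tls_ctx = tls_def_ctx;` makes the connection alias the process-wide default context, and nothing in the hunk says who owns that pointer afterwards. If connection teardown ever releases `lconn_tls_ctx`, the shared `tls_def_ctx` would be released with it, so this should be checked against the cleanup code, which is not visible here. The test is on the local `ctx` rather than on `tls_def_ctx`, so the field can also be left NULL if the default context was never created. Braces and a short comment, e.g. `/* no per-connection context: record the shared default, not owned by conn */`, would make the intent explicit.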
@@ -955,7 +959,7 @@
 {
        Sockbuf *sb = conn->lconn_sb;
        char *host = conn->lconn_server->lud_host;
-       void *ctx = ld->ld_defconn->lconn_tls_ctx;
+       void *ctx =
ld->ld_defconn?ld->ld_defconn->lconn_tls_ctx:tls_def_ctx;

        char *peer_cert_cn;
        void *ssl;
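Review bot: `char *host = conn->lconn_server->lud_host;` on the context line above the change still dereferences `lconn_server` unchecked. The request.c change appears to work around exactly that crash, but only from one caller. Any other path that reaches this function (presumably ldap_int_tls_start, per the description) with an unset `lconn_server` would still fault. A check inside the function is more robust: declare `char *host;` and, after the declarations, return the function's error value when `conn->lconn_server == NULL`, before `lud_host` is read. Failing is preferable to continuing with a NULL `host`, since the host name is likely what the peer certificate is checked against. That usage and the function's return convention are outside the hunk.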
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc