Commit 73d48324 authored by Committed by Quanah Gibson-MountBrowse files
ITS#7373 - TLS: do not reuse tls_session if hostname check fails
If multiple servers are specified, the connection to the first one succeeds, and the hostname verification fails, *tls_session is not dropped, but reused when connecting to the second server. This is a problem with Mozilla NSS backend because another handshake cannot be performed on the same file descriptor. From this reason, hostname checking was moved into ldap_int_tls_connect() before connection error handling.