Commit d67a2f20 authored by Howard Chu's avatar Howard Chu

Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after

ldap_initializ'ing an LD and before connecting on it. Really all of the
global TLS options belong in the ldapoptions struct, instead of static vars.
parent 1a28cc1c
......@@ -169,6 +169,8 @@ struct ldapoptions {
ber_int_t ldo_sizelimit;
#ifdef HAVE_TLS
/* tls context */
void *ldo_tls_ctx;
int ldo_tls_mode;
LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb;
void* ldo_tls_connect_arg;
......@@ -210,10 +212,6 @@ struct ldapoptions {
*/
typedef struct ldap_conn {
Sockbuf *lconn_sb;
#ifdef HAVE_TLS
/* tls context */
void *lconn_tls_ctx;
#endif
#ifdef HAVE_CYRUS_SASL
void *lconn_sasl_authctx; /* context for bind */
void *lconn_sasl_sockctx; /* for security layer */
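Review bot: The new `ldo_tls_ctx` field in struct ldapoptions carries only the comment `/* tls context */`, which says nothing about its real type or who owns the object now that it lives per handle instead of per connection. The tls.c side of this commit casts the same value with `(SSL_CTX *) arg`, so I would spell that out, for example `/* SSL_CTX * for connections on this handle; caller-supplied or the library default, ownership stays with whoever created it (confirm) */`. If struct ldapoptions is ever copied wholesale from the global options into a new handle (not visible in this hunk), the pointer would be shared between handles, and the comment should say whether that is intended. The struct body starts and ends outside the hunk.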
......
......@@ -764,8 +764,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
} else {
struct ldapoptions *lo;
void *ctx = ld->ld_defconn
? ld->ld_defconn->lconn_tls_ctx : NULL;
void *ctx;
lo = &ld->ld_options;
ctx = lo->ldo_tls_ctx;
ssl = alloc_handle( ctx );
......@@ -780,9 +782,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
if( ctx == NULL ) {
ctx = tls_def_ctx;
conn->lconn_tls_ctx = tls_def_ctx;
lo->ldo_tls_ctx = ctx;
}
lo = &ld->ld_options;
if ( lo->ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
lo = LDAP_INT_GLOBAL_OPT();
......@@ -1245,7 +1246,7 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
if ( ld == NULL ) {
*(void **)arg = (void *) tls_def_ctx;
} else {
*(void **)arg = ld->ld_defconn->lconn_tls_ctx;
*(void **)arg = lo->ldo_tls_ctx;
}
break;
case LDAP_OPT_X_TLS_CACERTFILE:
......@@ -1347,7 +1348,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
tls_def_ctx = (SSL_CTX *) arg;
} else {
ld->ld_defconn->lconn_tls_ctx = arg;
lo->ldo_tls_ctx = arg;
}
return 0;
case LDAP_OPT_X_TLS_CONNECT_CB:
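Review bot: In ldap_int_tls_connect, the `ctx == NULL` branch now writes the process-wide default back into the handle with `lo->ldo_tls_ctx = ctx;`, so a handle that never chose a context stays pinned to whatever `tls_def_ctx` was at its first connect. ldap_pvt_tls_set_option with a NULL ld reassigns the default (`tls_def_ctx = (SSL_CTX *) arg;`), and if the previous context is released around that point (not visible here) the handle keeps a stale pointer that a later connect passes to `alloc_handle( ctx )`. Even if nothing is freed, later changes to the default TLS settings would silently not apply to reconnects on this handle. I would keep the fallback local by dropping the `lo->ldo_tls_ctx = ctx;` line and leaving only `ctx = tls_def_ctx;`, or else document next to the assignment that the handle borrows the default context and must not outlive it. The function bodies start and end outside these hunks.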
......