Commit d67a2f20 authored by Howard Chu

Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after

ldap_initializ'ing an LD and before connecting on it. Really all of the
global TLS options belong in the ldapoptions struct, instead of static vars.
parent 1a28cc1c
...@@ -169,6 +169,8 @@ struct ldapoptions { ...@@ -169,6 +169,8 @@ struct ldapoptions {
ber_int_t ldo_sizelimit; ber_int_t ldo_sizelimit;
#ifdef HAVE_TLS #ifdef HAVE_TLS
/* tls context */
void *ldo_tls_ctx;
int ldo_tls_mode; int ldo_tls_mode;
LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb; LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb;
void* ldo_tls_connect_arg; void* ldo_tls_connect_arg;
...@@ -210,10 +212,6 @@ struct ldapoptions { ...@@ -210,10 +212,6 @@ struct ldapoptions {
*/ */
typedef struct ldap_conn { typedef struct ldap_conn {
Sockbuf *lconn_sb; Sockbuf *lconn_sb;
#ifdef HAVE_TLS
/* tls context */
void *lconn_tls_ctx;
#endif
#ifdef HAVE_CYRUS_SASL #ifdef HAVE_CYRUS_SASL
void *lconn_sasl_authctx; /* context for bind */ void *lconn_sasl_authctx; /* context for bind */
void *lconn_sasl_sockctx; /* for security layer */ void *lconn_sasl_sockctx; /* for security layer */
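Review bot: The new `ldo_tls_ctx` field in struct ldapoptions carries only the comment `/* tls context */`, which records neither the real type behind the `void *` nor who owns the pointer. The tls.c side of this commit casts the global default to `SSL_CTX *` and treats a NULL per-handle value as "use the default", so the comment could say so, for example `/* SSL_CTX * for this handle; NULL means fall back to the default context; caller-owned (confirm) */`. Ownership matters here because an options struct is more likely than a connection struct to be copied or to outlive a single connection; whether libldap ever frees or duplicates this pointer is not visible on this page and should be confirmed before the wording is fixed.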
......
...@@ -764,8 +764,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn ) ...@@ -764,8 +764,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
} else { } else {
struct ldapoptions *lo; struct ldapoptions *lo;
void *ctx = ld->ld_defconn void *ctx;
? ld->ld_defconn->lconn_tls_ctx : NULL;
lo = &ld->ld_options;
ctx = lo->ldo_tls_ctx;
ssl = alloc_handle( ctx ); ssl = alloc_handle( ctx );
...@@ -780,9 +782,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn ) ...@@ -780,9 +782,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
if( ctx == NULL ) { if( ctx == NULL ) {
ctx = tls_def_ctx; ctx = tls_def_ctx;
conn->lconn_tls_ctx = tls_def_ctx; lo->ldo_tls_ctx = ctx;
} }
lo = &ld->ld_options;
if ( lo->ldo_tls_connect_cb ) if ( lo->ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ); lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
lo = LDAP_INT_GLOBAL_OPT(); lo = LDAP_INT_GLOBAL_OPT();
...@@ -1245,7 +1246,7 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg ) ...@@ -1245,7 +1246,7 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
if ( ld == NULL ) { if ( ld == NULL ) {
*(void **)arg = (void *) tls_def_ctx; *(void **)arg = (void *) tls_def_ctx;
} else { } else {
*(void **)arg = ld->ld_defconn->lconn_tls_ctx; *(void **)arg = lo->ldo_tls_ctx;
} }
break; break;
case LDAP_OPT_X_TLS_CACERTFILE: case LDAP_OPT_X_TLS_CACERTFILE:
...@@ -1347,7 +1348,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg ) ...@@ -1347,7 +1348,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
tls_def_ctx = (SSL_CTX *) arg; tls_def_ctx = (SSL_CTX *) arg;
} else { } else {
ld->ld_defconn->lconn_tls_ctx = arg; lo->ldo_tls_ctx = arg;
} }
return 0; return 0;
case LDAP_OPT_X_TLS_CONNECT_CB: case LDAP_OPT_X_TLS_CONNECT_CB:
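Review bot: In ldap_int_tls_connect the `ctx == NULL` branch now writes the process-wide default into the handle with `lo->ldo_tls_ctx = ctx;`, so the first connect pins whatever `tls_def_ctx` is at that moment into this LD's options, and no reference is taken in the visible lines. If the default is later replaced through the `ld == NULL` branch of ldap_pvt_tls_set_option (`tls_def_ctx = (SSL_CTX *) arg;`) and the old context is released, later connections on this LD would presumably keep using the stale pointer. ldap_pvt_tls_get_option also can no longer tell an application-supplied context from an inherited default. Consider leaving the field NULL and resolving the default at each use, i.e. dropping `lo->ldo_tls_ctx = ctx;`, or taking a reference on the context wherever it is stored in `ldo_tls_ctx`. All three functions continue outside the hunks shown, so any existing lifetime handling elsewhere in tls.c should be checked first.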
......