From 9b38cd2572c996d98e362dffbb4270328e9f52a8 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 26 Apr 2004 01:10:49 +0000
Subject: [PATCH] ITS#3109 - added slap_tls_ctx

---
 servers/slapd/connection.c |  2 +-
 servers/slapd/main.c       | 34 +++++++++++++++++++++++++---------
 servers/slapd/proto-slap.h |  1 +
 3 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 034d30686e..228c2ee009 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1279,7 +1279,7 @@ int connection_read(ber_socket_t s)
 
 #ifdef HAVE_TLS
 	if ( c->c_is_tls && c->c_needs_tls_accept ) {
-		rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+		rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );
 		if ( rc < 0 ) {
 #if 0 /* required by next #if 0 */
 			struct timeval tv;
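Review bot: `slap_tls_ctx` is handed to `ldap_pvt_tls_accept()` without any check that it was actually populated. The removed line shows that NULL used to be the normal second argument, so a NULL value here would presumably fall back to the library's default context instead of failing. After this commit that default may be a different context (main.c restores the previously saved one), so a server-side handshake could run with certificate and verification settings that were not meant for slapd. Either guarantee at startup that the pointer is non-NULL whenever TLS listeners are enabled, or guard the call with `if ( slap_tls_ctx == NULL ) rc = -1; else rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );`. connection_read's body starts and ends outside this hunk.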
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 274399e1f5..0fdef6bc87 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -132,6 +132,8 @@ static int   cnvt_str2int( char *, STRDISP_P, int );
 static int check = CHECK_NONE;
 static int version = 0;
 
+void *slap_tls_ctx;
+
 static void
 usage( char *name )
 {
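Review bot: The new global `void *slap_tls_ctx;` has no comment saying what it holds, who owns it, or when it is valid. Readers of connection.c need to know that it is slapd's own server TLS context, distinct from the libldap default context, and that it is set only after TLS initialisation in main() succeeds. I would add `/* slapd's private TLS context; set once in main() after ldap_pvt_tls_init_def_ctx(), NULL until then */` above it. From the visible context the definition appears to sit outside any `#ifdef HAVE_TLS`, while its users are inside one, which is also worth stating in the comment.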
@@ -622,18 +624,32 @@ int main( int argc, char **argv )
 		goto destroy;
 	}
 
-	rc = ldap_pvt_tls_init_def_ctx();
-	if( rc != 0) {
+	{
+		void *def_ctx = NULL;
+
+		/* Save existing default ctx, if any */
+		ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
+
+		/* Force new ctx to be created */
+		ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
+
+		rc = ldap_pvt_tls_init_def_ctx();
+		if( rc != 0) {
 #ifdef NEW_LOGGING
-		LDAP_LOG( SLAPD, CRIT, "main: tls init def ctx failed: %d\n", rc, 0, 0 );
+			LDAP_LOG( SLAPD, CRIT, "main: tls init def ctx failed: %d\n", rc, 0, 0 );
 #else
-		Debug( LDAP_DEBUG_ANY,
-		    "main: TLS init def ctx failed: %d\n",
-		    rc, 0, 0 );
+			Debug( LDAP_DEBUG_ANY,
+			    "main: TLS init def ctx failed: %d\n",
+			    rc, 0, 0 );
 #endif
-		rc = 1;
-		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
-		goto destroy;
+			rc = 1;
+			SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+			goto destroy;
+		}
+		/* Retrieve slapd's own ctx */
+		ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
+		/* Restore previous ctx */
+		ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
 	}
 #endif
 
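Review bot: The results of the `ldap_pvt_tls_get_option()` and `ldap_pvt_tls_set_option()` calls in the new block are ignored, and `slap_tls_ctx` is not checked after the "Retrieve slapd's own ctx" step. If that retrieval fails or yields NULL, startup continues and connection.c later passes NULL to the accept call. I would make that fatal with the same logging and `goto destroy` path used for the init failure, using a condition such as `if ( ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx ) != 0 || slap_tls_ctx == NULL )`. The `rc != 0` branch also jumps to `destroy` with the default context still cleared and `def_ctx` never restored, so `ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );` should run before that `goto` if cleanup code can touch the default context. main() begins and ends outside this hunk, so whether `destroy` releases either context cannot be confirmed from here.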
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index b79a7d6003..4f34534816 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -582,6 +582,7 @@ LDAP_SLAPD_V( const struct berval ) slap_unknown_bv;
 LDAP_SLAPD_V( const struct berval ) slap_true_bv;
 LDAP_SLAPD_V( const struct berval ) slap_false_bv;
 LDAP_SLAPD_V( struct slap_sync_cookie_s ) slap_sync_cookie;
+LDAP_SLAPD_V( void * ) slap_tls_ctx;
 
 /*
  * index.c
-- 
GitLab