From 6c3433111c403617c842c1b0b74a7102509116f6 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Sun, 16 Sep 2001 22:37:25 +0000
Subject: [PATCH] Import TLS external fix from HEAD, hopefully it gets more
 testing here

---
 libraries/libldap/cyrus.c    | 7 ++-----
 libraries/libldap/ldap-int.h | 3 ++-
 libraries/libldap/tls.c      | 6 ++----
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index af3d1ab382..6898d4e066 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -662,6 +662,7 @@ ldap_int_sasl_bind(
 int
 ldap_int_sasl_external(
 	LDAP *ld,
+	LDAPConn *conn,
 	const char * authid,
 	ber_len_t ssf )
 {
@@ -669,11 +670,7 @@ ldap_int_sasl_external(
 	sasl_conn_t *ctx;
 	sasl_external_properties_t extprops;
 
-	if( ld->ld_defconn == NULL ) {
-		return LDAP_LOCAL_ERROR;
-	}
-
-	ctx = ld->ld_defconn->lconn_sasl_ctx;
+	ctx = conn->lconn_sasl_ctx;
 
 	if ( ctx == NULL ) {
 		return LDAP_LOCAL_ERROR;
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 69719635bf..d5171055f4 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -526,7 +526,8 @@ LDAP_F (int) ldap_int_sasl_open LDAP_P((
 LDAP_F (int) ldap_int_sasl_close LDAP_P(( LDAP *ld, LDAPConn *conn ));
 
 LDAP_F (int) ldap_int_sasl_external LDAP_P((
-	LDAP *ld, const char* authid, ber_len_t ssf ));
+	LDAP *ld, LDAPConn *conn,
+	const char* authid, ber_len_t ssf ));
 
 LDAP_F (int) ldap_int_sasl_get_option LDAP_P(( LDAP *ld,
 	int option, void *arg ));
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 653caa3ee8..f31c97973c 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1046,7 +1046,6 @@ int
 ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 {
 	Sockbuf *sb = conn->lconn_sb;
-	void *ctx = ld->ld_defconn->lconn_tls_ctx;
 	char *host;
 	void *ssl;
 
@@ -1074,8 +1073,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 	 */
 
 	ld->ld_errno = ldap_pvt_tls_check_hostname( ssl, host );
-	if (ld->ld_errno != LDAP_SUCCESS)
-	{
+	if (ld->ld_errno != LDAP_SUCCESS) {
 		return ld->ld_errno;
 	}
 
@@ -1090,7 +1088,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 		ssf = ldap_pvt_tls_get_strength( ssl );
 		authid = ldap_pvt_tls_get_peer( ssl );
 
-		(void) ldap_int_sasl_external( ld, authid, ssf );
+		(void) ldap_int_sasl_external( ld, conn, authid, ssf );
 	}
 
 	return LDAP_SUCCESS;
-- 
GitLab