Commit
4815d2c1
authored
Jul 22, 2019
by
Quanah Gibson-Mount
Revert "ITS#8427 Set up TLS settings on each reconnection"
This reverts commit
6f623dfa
.
parent
33d4c153
Changes
3
servers/slapd/back-ldap/bind.c
...
...
@@ -729,7 +729,11 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
sb
=
&
li
->
li_tls
;
}
bindconf_tls_set
(
sb
,
ld
);
if
(
sb
->
sb_tls_do_init
)
{
bindconf_tls_set
(
sb
,
ld
);
}
else
if
(
sb
->
sb_tls_ctx
)
{
ldap_set_option
(
ld
,
LDAP_OPT_X_TLS_CTX
,
sb
->
sb_tls_ctx
);
}
/* if required by the bindconf configuration, force TLS */
if
(
(
sb
==
&
li
->
li_acl
||
sb
==
&
li
->
li_idassert
.
si_bc
)
&&
...
...
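Review bot: Both calls in the new `if ( sb->sb_tls_do_init ) … else if ( sb->sb_tls_ctx )` block discard their return values, so a failure to apply the per-backend TLS settings or to attach the cached context leaves `ld` on whatever TLS defaults it already had while connection setup carries on. The same pattern appears in the servers/slapd/back-meta/conn.c section with `msc->msc_ld`, whereas `slap_client_connect` in config.c assigns the result to `rc` and checks it. I would capture the result here as well, e.g. `rc = bindconf_tls_set( sb, ld );` and `rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );`, and refuse the connection when it is non-zero. ldap_back_prepare_conn starts and ends outside the hunk, so the variable and the error path to use need checking against the full function.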
servers/slapd/back-meta/conn.c
...
...
@@ -433,7 +433,11 @@ retry_lock:;
sb
=
&
mt
->
mt_tls
;
}
bindconf_tls_set
(
sb
,
msc
->
msc_ld
);
if
(
sb
->
sb_tls_do_init
)
{
bindconf_tls_set
(
sb
,
msc
->
msc_ld
);
}
else
if
(
sb
->
sb_tls_ctx
)
{
ldap_set_option
(
msc
->
msc_ld
,
LDAP_OPT_X_TLS_CTX
,
sb
->
sb_tls_ctx
);
}
if
(
!
is_ldaps
)
{
if
(
sb
==
&
mt
->
mt_idassert
.
si_bc
&&
sb
->
sb_tls_ctx
)
{
...
...
servers/slapd/config.c
...
...
@@ -1864,7 +1864,7 @@ static struct {
int
bindconf_tls_set
(
slap_bindconf
*
bc
,
LDAP
*
ld
)
{
int
i
,
rc
,
res
=
0
;
int
i
,
rc
,
newctx
=
0
,
res
=
0
;
char
*
ptr
=
(
char
*
)
bc
,
**
word
;
bc
->
sb_tls_do_init
=
0
;
...
...
@@ -1878,7 +1878,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
"bindconf_tls_set: failed to set %s to %s
\n
"
,
bindtlsopts
[
i
].
key
,
*
word
,
0
);
res
=
-
1
;
}
}
else
newctx
=
1
;
}
}
if
(
bc
->
sb_tls_reqcert
)
{
...
...
@@ -1889,7 +1890,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
"bindconf_tls_set: failed to set tls_reqcert to %s
\n
"
,
bc
->
sb_tls_reqcert
,
0
,
0
);
res
=
-
1
;
}
}
else
newctx
=
1
;
}
if
(
bc
->
sb_tls_protocol_min
)
{
rc
=
ldap_int_tls_config
(
ld
,
LDAP_OPT_X_TLS_PROTOCOL_MIN
,
...
...
@@ -1899,7 +1901,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
"bindconf_tls_set: failed to set tls_protocol_min to %s
\n
"
,
bc
->
sb_tls_protocol_min
,
0
,
0
);
res
=
-
1
;
}
}
else
newctx
=
1
;
}
#ifdef HAVE_OPENSSL_CRL
if
(
bc
->
sb_tls_crlcheck
)
{
...
...
@@ -1910,15 +1913,17 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
"bindconf_tls_set: failed to set tls_crlcheck to %s
\n
"
,
bc
->
sb_tls_crlcheck
,
0
,
0
);
res
=
-
1
;
}
}
else
newctx
=
1
;
}
#endif
if
(
bc
->
sb_tls_ctx
)
{
rc
=
ldap_set_option
(
ld
,
LDAP_OPT_X_TLS_CTX
,
bc
->
sb_tls_ctx
);
if
(
rc
)
res
=
rc
;
}
else
{
if
(
newctx
)
{
int
opt
=
0
;
if
(
bc
->
sb_tls_ctx
)
{
ldap_pvt_tls_ctx_free
(
bc
->
sb_tls_ctx
);
bc
->
sb_tls_ctx
=
NULL
;
}
rc
=
ldap_set_option
(
ld
,
LDAP_OPT_X_TLS_NEWCTX
,
&
opt
);
if
(
rc
)
res
=
rc
;
...
...
@@ -1995,7 +2000,14 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb )
slap_client_keepalive
(
ld
,
&
sb
->
sb_keepalive
);
#ifdef HAVE_TLS
rc
=
bindconf_tls_set
(
sb
,
ld
);
if
(
sb
->
sb_tls_do_init
)
{
rc
=
bindconf_tls_set
(
sb
,
ld
);
}
else
if
(
sb
->
sb_tls_ctx
)
{
rc
=
ldap_set_option
(
ld
,
LDAP_OPT_X_TLS_CTX
,
sb
->
sb_tls_ctx
);
}
if
(
rc
)
{
Debug
(
LDAP_DEBUG_ANY
,
"slap_client_connect: "
...
...
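Review bot: In bindconf_tls_set, `newctx` is set whenever any single option is applied, so the final `if ( newctx )` block still builds a new context after another option has already failed and set `res = -1`. Because `bc->sb_tls_do_init` is cleared at the top of the function, the callers' `else if ( sb->sb_tls_ctx )` branch will reuse whatever context is stored, so a context created without the intended tls_reqcert, tls_protocol_min or tls_crlcheck setting could be reused silently if it is cached (the code after the `LDAP_OPT_X_TLS_NEWCTX` call is outside the hunk). Consider gating creation on success, `if ( newctx && res == 0 ) {`, or at least logging that the context was built from an incomplete configuration. If partial contexts are intentional, a comment on `newctx` saying so would help the next reader.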