Commit 68b508d2 authored by Julio Sánchez Fernández's avatar Julio Sánchez Fernández

Move calls to ldap_pvt_tls_accept to connection_read instead of

connection_init so that we get into the select() logic.
Make use of new flags in the connection.
BTW, and before I forget, it sort of works.  I have connected with
a Netscape client using a secure connection and did a failed
search (my test database is empty), but the trace looked correct.
Make sure your CA certificate is preinstalled in your Netscape client.
Otherwise, the connection fails with error 0xFFFFFFFF, which is rather
uninformative.
parent 85acec92
......@@ -394,20 +394,10 @@ long connection_init(
c->c_conn_state = SLAP_C_INACTIVE;
c->c_struct_state = SLAP_C_USED;
#ifdef HAVE_TLS
if ( use_tls ) {
/* FIXME: >0 means incomplete read */
if ( ldap_pvt_tls_accept( c->c_sb, NULL ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
"connection_init(%d): TLS accept failed.\n",
s, 0, 0);
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
connection_destroy( c );
return -1;
}
c->c_is_tls = 1;
c->c_needs_tls_accept = 1;
}
#endif
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
......@@ -796,6 +786,26 @@ int connection_read(ber_socket_t s)
"connection_read(%d): checking for input on id=%ld\n",
s, c->c_connid, 0 );
#ifdef HAVE_TLS
if ( c->c_is_tls && c->c_needs_tls_accept ) {
rc = ldap_pvt_tls_accept( c->c_sb, NULL );
if ( rc < 0 ) {
Debug( LDAP_DEBUG_TRACE,
"connection_read(%d): TLS accept error error=%d id=%ld, closing.\n",
s, rc, c->c_connid );
/* connections_mutex and c_mutex are locked */
connection_closing( c );
connection_close( c );
} else if ( rc == 0 ) {
c->c_needs_tls_accept = 0;
}
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
}
#endif
#define CONNECTION_INPUT_LOOP 1
#ifdef DATA_READY_LOOP
......
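Review bot: In the new `connection_read` block, a positive return from `ldap_pvt_tls_accept` matches neither branch, so the connection silently keeps `c_needs_tls_accept` set and waits for the next select() wake-up; the FIXME removed from `connection_init` (">0 means incomplete read") was the only place that said so. I would add `/* rc > 0: handshake still in progress, keep c_needs_tls_accept and wait for more input */` after the `else if ( rc == 0 )` branch. Nothing visible in this hunk limits how long a peer may stay in that state, so unless an idle or handshake timeout elsewhere covers it, a client that never completes the handshake holds a connection slot before any bind; worth confirming. The failure is also logged at `LDAP_DEBUG_TRACE` where the removed code used `LDAP_DEBUG_ANY`, which hides handshake failures from operators unless trace logging is on; `Debug( LDAP_DEBUG_ANY,` would keep them visible. `connection_read` starts and ends outside the hunk.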