Commit 6d75d0f8 authored by Julio Sánchez Fernández's avatar Julio Sánchez Fernández

connection_init now takes one more argument that indicates whether to use TLS right away or not on that connection.
parent 6cd03236
...@@ -50,6 +50,7 @@ static void connection_close( Connection *c ); ...@@ -50,6 +50,7 @@ static void connection_close( Connection *c );
static int connection_op_activate( Connection *conn, Operation *op ); static int connection_op_activate( Connection *conn, Operation *op );
static int connection_resched( Connection *conn ); static int connection_resched( Connection *conn );
static void connection_abandon( Connection *conn ); static void connection_abandon( Connection *conn );
static void connection_destroy( Connection *c );
struct co_arg { struct co_arg {
Connection *co_conn; Connection *co_conn;
...@@ -271,7 +272,8 @@ static void connection_return( Connection *c ) ...@@ -271,7 +272,8 @@ static void connection_return( Connection *c )
long connection_init( long connection_init(
ber_socket_t s, ber_socket_t s,
const char* name, const char* name,
const char* addr) const char* addr,
int use_tls)
{ {
unsigned long id; unsigned long id;
Connection *c; Connection *c;
...@@ -392,6 +394,21 @@ long connection_init( ...@@ -392,6 +394,21 @@ long connection_init(
c->c_conn_state = SLAP_C_INACTIVE; c->c_conn_state = SLAP_C_INACTIVE;
c->c_struct_state = SLAP_C_USED; c->c_struct_state = SLAP_C_USED;
#ifdef HAVE_TLS
if ( use_tls ) {
/* FIXME: >0 means incomplete read */
if ( ldap_pvt_tls_accept( c->c_sb, NULL ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
"connection_init(%d): TLS accept failed.\n",
s, 0, 0);
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
connection_destroy( c );
return -1;
}
}
#endif
ldap_pvt_thread_mutex_unlock( &c->c_mutex ); ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex ); ldap_pvt_thread_mutex_unlock( &connections_mutex );
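Review bot: A positive return from `ldap_pvt_tls_accept` is treated as success by the new `< 0` test in connection_init, although the FIXME directly above says `>0 means incomplete read`, so the function falls through to the normal unlock path with the handshake unfinished. Unless a later read path completes the handshake (not visible here), the connection could be serviced before TLS is established; failing closed with `if ( ldap_pvt_tls_accept( c->c_sb, NULL ) != 0 ) {`, or recording the pending handshake on the connection and finishing it before any operation is read, would close that gap. The accept also runs while `connections_mutex` is held, so if the socket is blocking, a client that stalls the handshake may hold up every other connection; this is worth confirming. connection_init starts and ends outside this hunk.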
......
...@@ -330,7 +330,7 @@ slapd_daemon_task( ...@@ -330,7 +330,7 @@ slapd_daemon_task(
} }
} else { } else {
if( connection_init( (ber_socket_t) 0, NULL, NULL ) ) { if( connection_init( (ber_socket_t) 0, NULL, NULL, 0 ) ) {
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"connection_init(%d) failed.\n", "connection_init(%d) failed.\n",
0, 0, 0 ); 0, 0, 0 );
...@@ -579,7 +579,8 @@ slapd_daemon_task( ...@@ -579,7 +579,8 @@ slapd_daemon_task(
} }
#endif /* HAVE_TCPD */ #endif /* HAVE_TCPD */
if( (id = connection_init(s, client_name, client_addr)) < 0 ) { if( (id = connection_init(s, client_name, client_addr,
listeners[l].use_tls)) < 0 ) {
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"daemon: connection_init(%ld, %s, %s) failed.\n", "daemon: connection_init(%ld, %s, %s) failed.\n",
(long) s, (long) s,
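Review bot: `listeners[l].use_tls` is passed to connection_init unconditionally, but the connection_init change in this commit only looks at `use_tls` inside `#ifdef HAVE_TLS`. In a build without TLS, a listener marked for TLS would therefore be served in cleartext with no log entry, assuming the flag can still be set in such a build (the listener setup is not visible here). Rejecting the connection before the call, e.g. under `#ifndef HAVE_TLS` with `if ( listeners[l].use_tls )` and a `Debug( LDAP_DEBUG_ANY, ... )` message, would make that misconfiguration fail closed. The new `return -1` path is also only caught by `< 0` if `id` is a signed type, which is declared outside the hunk, as is the rest of slapd_daemon_task.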
......
...@@ -144,7 +144,7 @@ int connections_timeout_idle LDAP_P((time_t)); ...@@ -144,7 +144,7 @@ int connections_timeout_idle LDAP_P((time_t));
long connection_init LDAP_P(( long connection_init LDAP_P((
ber_socket_t s, ber_socket_t s,
const char* name, const char* addr)); const char* name, const char* addr, int use_tls));
void connection_closing LDAP_P(( Connection *c )); void connection_closing LDAP_P(( Connection *c ));
int connection_state_closing LDAP_P(( Connection *c )); int connection_state_closing LDAP_P(( Connection *c ));
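Review bot: The prototype for connection_init gains `int use_tls` with no description of what the flag means or what the function returns on failure. A comment above the declaration would help callers, for example `/* use_tls: nonzero to perform the TLS accept on the new connection; returns -1 if that accept fails */`.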
......