diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 37e012aed7ded3ee7e997511a52e73b341b3d561..10ffe2794177b28c7f5816247156790fa9d49d60 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -42,6 +42,8 @@
 #endif
 
 static tls_impl *tls_imp = &ldap_int_tls_impl;
+#define HAS_TLS( sb )	ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
+				(void *)tls_imp->ti_sbio )
 
 #endif /* HAVE_TLS */
 
@@ -329,8 +331,9 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 	int	err;
 	tls_session	*ssl = NULL;
 
-	ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
-	if ( !ssl ) {
+	if ( HAS_TLS( sb )) {
+		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+	} else {
 		struct ldapoptions *lo;
 		tls_ctx *ctx;
 
@@ -410,8 +413,9 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
 	int	err;
 	tls_session	*ssl = NULL;
 
-	ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
-	if ( !ssl ) {
+	if ( HAS_TLS( sb )) {
+		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+	} else {
 		ssl = alloc_handle( ctx_arg, 1 );
 		if ( ssl == NULL ) return -1;
 
@@ -451,10 +455,7 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
 int
 ldap_pvt_tls_inplace ( Sockbuf *sb )
 {
-	tls_session	*ssl = NULL;
-
-	ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
-	return ssl != NULL;
+	return HAS_TLS( sb ) ? 1 : 0;
 }
 
 int