From cab25cc47e8371abe58d49bc82519e7a8d291c0f Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 12 Jan 2015 22:25:15 +0000
Subject: [PATCH] ITS#8022 don't skip TLS init for ldaps:// targets

---
 servers/slapd/back-meta/conn.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index d2e3c4399a..3a05d88af6 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -424,7 +424,7 @@ retry_lock:;
 	slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
 
 #ifdef HAVE_TLS
-	if ( !is_ldaps ) {
+	{
 		slap_bindconf *sb = NULL;
 
 		if ( ispriv ) {
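Review bot: The bare `{` that replaces `if ( !is_ldaps ) {` under `#ifdef HAVE_TLS` reads like a leftover, because nothing says why the block is now unconditional. A short comment above it would record the intent, for example `/* select the TLS context for ldaps:// as well as StartTLS targets (ITS#8022); only the StartTLS decision is skipped for ldaps:// */`. The block continues past the end of this hunk, so the comment should be checked against the full body.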
@@ -439,13 +439,15 @@ retry_lock:;
 			ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
 		}
 
-		if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
-			do_start_tls = 1;
+		if ( !is_ldaps ) {
+			if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
+				do_start_tls = 1;
 
-		} else if ( META_BACK_TGT_USE_TLS( mt )
-			|| ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
-		{
-			do_start_tls = 1;
+			} else if ( META_BACK_TGT_USE_TLS( mt )
+				|| ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+			{
+				do_start_tls = 1;
+			}
 		}
 	}
 
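Review bot: The result of `ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx )` at the top of this hunk is discarded, and with this change the call is also reached for ldaps:// targets. If it fails, the handle presumably keeps whatever TLS settings it already had, so the per-target certificate and verification configuration could be silently dropped on a connection the operator expects it to protect. Consider comparing the return value with `LDAP_OPT_SUCCESS` and taking the function's existing error path on failure instead of continuing. The condition guarding the call and the rest of the function are outside the hunk, so this needs confirming against the full body.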
-- 
GitLab