Commit 3c3e75e4 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Improve TLS error response

parent df3018cb
......@@ -916,7 +916,7 @@ ldap_pvt_tls_get_peer_hostname( void *s )
}
int
ldap_pvt_tls_check_hostname( void *s, const char *name_in )
ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
{
int i, ret = LDAP_LOCAL_ERROR;
X509 *x;
......@@ -1019,6 +1019,7 @@ ldap_pvt_tls_check_hostname( void *s, const char *name_in )
"TLS: unable to get common name from peer certificate.\n",
0, 0, 0 );
#endif
ld->ld_error = LDAP_STRDUP("TLS: unable to get CN from peer certificate");
} else if (strcasecmp(name, buf)) {
#ifdef NEW_LOGGING
......@@ -1031,6 +1032,7 @@ ldap_pvt_tls_check_hostname( void *s, const char *name_in )
name, buf, 0 );
#endif
ret = LDAP_CONNECT_ERROR;
ld->ld_error = LDAP_STRDUP("TLS: hostname does not match CN in peer certificate");
} else {
ret = LDAP_SUCCESS;
......@@ -1308,7 +1310,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
/*
* compare host with name(s) in certificate
*/
ld->ld_errno = ldap_pvt_tls_check_hostname( ssl, host );
ld->ld_errno = ldap_pvt_tls_check_hostname( ld, ssl, host );
if (ld->ld_errno != LDAP_SUCCESS) {
return ld->ld_errno;
}
......
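Review bot: Both new `ld->ld_error = LDAP_STRDUP(...)` assignments in ldap_pvt_tls_check_hostname (the "unable to get CN" branch and the hostname-mismatch branch) overwrite the pointer without releasing any string already stored there. Nothing in the visible lines frees it, so a diagnostic set earlier on the same handle would presumably leak each time the check fails; put `if (ld->ld_error) LDAP_FREE(ld->ld_error);` ahead of each assignment. The function also now dereferences `ld` unconditionally on its failure paths, and only the ldap_int_tls_start call site is shown being updated, so any other caller of this `ldap_pvt_` entry point needs the new argument and a non-NULL handle. Since this is the check that rejects a mismatched server certificate, a short comment such as `/* fail closed: report the reason to the caller via ld_error */` above the assignments would help. The function body starts and ends outside the hunks.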