[Pkg-openldap-devel] Bug#512693: slapd - ldap proxy with tls enforces cert check even if disabled
Bastian Blank
waldi at debian.org
Sun Jan 25 14:42:16 UTC 2009
tags 512693 patch
thanks
Reason found. In ldap_back_prepare_conn the tls settings are applied via
a bindconf_tls_set call _once_, while the settings are per connection.
The attached patch changes this to apply the settings for each
connection.
There is similar code in servers/slapd/config.c, which may be changed
also.
Bastian
-------------- next part --------------
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -684,9 +684,8 @@
sb = &li->li_tls;
}
- if ( sb->sb_tls_do_init ) {
- bindconf_tls_set( sb, ld );
- } else if ( sb->sb_tls_ctx ) {
+ bindconf_tls_set( sb, ld );
+ if ( sb->sb_tls_ctx ) {
ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
}
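Review bot: The result of the now-unconditional `bindconf_tls_set( sb, ld );` is not checked. If applying the per-connection TLS settings fails, execution falls through to the `sb->sb_tls_ctx` test and connection setup continues with whatever TLS options the handle already carries, which could leave certificate checking out of line with the configuration again. Suggest capturing the return value and failing the connection setup on error. A one-line comment at the call explaining why the `sb_tls_do_init` guard was dropped (the options are set on each `ld`, so they must be applied for every connection) would help later readers, and the similar code in servers/slapd/config.c mentioned in the message should be covered in this patch or an explicit follow-up.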