+int
+ldap_start_tls ( LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls )
+{
+#ifdef HAVE_TLS
+ LDAPConn *lc;
+ int rc;
+ char *rspoid = NULL;
+ struct berval *rspdata = NULL;
+
+ if (ld->ld_conns == NULL) {
+ rc = ldap_open_defconn( ld );
+ if (rc != LDAP_SUCCESS)
+ return(rc);
+ }
+
+ for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
+ if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
+ return LDAP_OPERATIONS_ERROR;
+ rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
+ NULL, serverctrls, clientctrls, &rspoid, &rspdata);
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ if (rspoid != NULL)
+ LDAP_FREE(rspoid);
+ if (rspdata != NULL)
+ ber_bvfree(rspdata);
+ rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ }
+ return LDAP_SUCCESS;
+#else
+ return LDAP_NOT_SUPPORTED;
+#endif
+}
+
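Review bot: Inside the `for` loop over `ld->ld_conns`, the StartTLS request goes out through `ldap_extended_operation_s(ld, ...)`, which takes no connection argument, while the handshake is then started on `lc->lconn_sb`. With more than one connection in the list, nothing visible here shows that the request and the handshake use the same socket, so `ldap_pvt_tls_start` could run on a connection where the server never agreed to StartTLS. An early `return rc` in a later iteration also leaves earlier connections upgraded and later ones in cleartext, so a header comment should state the contract, for example `/* On any non-success return the handle may be only partly protected, or not at all; callers must not send credentials on it. */`. Separately, `rspoid` and `rspdata` are freed but not reset, so an iteration that leaves them untouched would free them twice; the callee presumably clears them, but adding `rspoid = NULL;` and `rspdata = NULL;` after the frees removes that dependency. The hunk header is not visible in this excerpt, so these remarks cover only the lines shown.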