+#endif
+
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+ if ( rc < 0 ) {
+#if 0 /* required by next #if 0 */
+ struct timeval tv;
+ fd_set rfd;
+#endif
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
+ "connection_read: conn %d TLS accept error, error %d\n",
+ c->c_connid, rc ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): TLS accept error "
+ "error=%d id=%ld, closing\n",
+ s, rc, c->c_connid );
+#endif
+ c->c_needs_tls_accept = 0;
+ /* connections_mutex and c_mutex are locked */
+ connection_closing( c );
+
+#if 0
+ /* Drain input before close, to allow SSL error codes
+ * to propagate to client. */
+ FD_ZERO(&rfd);
+ FD_SET(s, &rfd);
+ for (rc=1; rc>0;)
+ {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ rc = select(s+1, &rfd, NULL, NULL, &tv);
+ if (rc == 1)
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DRAIN,
+ NULL);
+ }
+#endif
+ connection_close( c );
+
+ } else if ( rc == 0 ) {
+ void *ssl;
+ char *authid;
+
+ c->c_needs_tls_accept = 0;
+
+ /* we need to let SASL know */
+ ssl = (void *)ldap_pvt_tls_sb_ctx( c->c_sb );
+
+ c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
+ if( c->c_tls_ssf > c->c_ssf ) {
+ c->c_ssf = c->c_tls_ssf;
+ }
+
+ authid = (char *)ldap_pvt_tls_get_peer( ssl );
+ slap_sasl_external( c, c->c_tls_ssf, authid );
+ }
+ connection_return( c );
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return 0;
+ }
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ if ( c->c_sasl_layers ) {
+ c->c_sasl_layers = 0;
+
+ rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_context );
+
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
+ "connection_read: conn %d SASL install error %d, closing\n",
+ c->c_connid, rc ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): SASL install error "
+ "error=%d id=%ld, closing\n",
+ s, rc, c->c_connid );
+#endif
+ /* connections_mutex and c_mutex are locked */
+ connection_closing( c );
+ connection_close( c );
+ connection_return( c );
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return 0;
+ }
+ }
+#endif