+
+ /* we need to let SASL know */
+ ssl = ldap_pvt_tls_sb_ctx( c->c_sb );
+
+ c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
+ if( c->c_tls_ssf > c->c_ssf ) {
+ c->c_ssf = c->c_tls_ssf;
+ }
+
+ rc = dnX509peerNormalize( ssl, &authid );
+ if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONNECTION, INFO,
+ "connection_read: conn %lu unable to get TLS client DN, "
+ "error %d\n", c->c_connid, rc, 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): unable to get TLS client DN "
+ "error=%d id=%lu\n",
+ s, rc, c->c_connid );
+#endif
+ }
+ slap_sasl_external( c, c->c_tls_ssf, authid.bv_val );
+ if ( authid.bv_val ) free( authid.bv_val );
+ }
+
+ /* if success and data is ready, fall thru to data input loop */
+ if( rc != 0 ||
+ !ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ) )
+ {
+ connection_return( c );
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return 0;