- /* here's some pseudo-code if HAVE_TLS is defined
- * but for some reason TLS is not available.
- */
- /*
- if (tls not really supported) {
- if (referral exists) {
- // caller will need to put the referral into the result
- return(LDAP_REFERRAL);
- }
- return(LDAP_UNAVAILABLE);
+ if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
+ ( conn->c_dn.bv_len != 0 ) )
+ {
+ *text = "cannot start TLS after authentication";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ /* fail if TLS could not be initialized */
+ if (ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &ctx ) != 0
+ || ctx == NULL)
+ {
+ if (default_referral != NULL) {
+ /* caller will put the referral in the result */
+ rc = LDAP_REFERRAL;
+ goto done;