]> git.sur5r.net Git - openldap/blobdiff - libraries/libldap/open.c
Partial support for a new option to help debug TLS connections,
index e9a7353ab66b4a71db401d8f9f5f675795f5c10c..419b4277e0cca5b215c193fe9fd04a0d034cfdee 100644 (file)
@@ -252,6 +252,20 @@ open_ldap_connection( LDAP *ld, Sockbuf *sb, const char *host, int defport,
    
        ber_pvt_sb_set_io( sb, &ber_pvt_sb_io_tcp, NULL );
 
+#ifdef HAVE_TLS
+       if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ) {
+               /*
+                * Fortunately, the lib uses blocking io...
+                */
+               if ( ldap_pvt_tls_connect( sb, ld->ld_options.ldo_tls_ctx ) < 
+                    0 ) {
+                       return -1;
+               }
+               /* FIXME: hostname of server must be compared with name in
+                * certificate....
+                */
+       }
+#endif
        if ( krbinstancep != NULL ) {
 #ifdef HAVE_KERBEROS
                char *c;
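Review bot: The FIXME that closes the `LDAP_OPT_X_TLS_HARD` branch leaves the server's identity unchecked: once `ldap_pvt_tls_connect()` returns success, `host` is never compared with the name in the peer certificate, so hard mode would accept any peer whose certificate the TLS context accepts. Until that comparison exists, the comment should state the consequence rather than only the to-do, e.g. `/* FIXME: peer hostname is NOT verified against the certificate; hard mode does not yet authenticate the server */`. The `return -1` on handshake failure is also worth checking: whether the socket already attached to `sb` is released on that path is not visible here, because open_ldap_connection starts and ends outside the hunk. The "blocking io" remark is an assumption the code does not enforce; with a non-blocking `sb` an in-progress handshake would presumably be reported as a failure.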