create SASL_LIBS to hold -lsasl

[openldap] / libraries / libldap / open.c

diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index e9a7353ab66b4a71db401d8f9f5f675795f5c10c..93019b0915c52b2e55bfb5d9d73f9035cbf2fc81 100644 (file)
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -236,13 +236,13 @@ open_ldap_connection( LDAP *ld, Sockbuf *sb, const char *host, int defport,
                            port = defport;   
                        }
 
-                       if (( rc = ldap_connect_to_host( sb, curhost, 0L,
+                       if (( rc = ldap_connect_to_host( ld, sb, curhost, 0L,
                            port, async )) != -1 ) {
                                break;
                        }
                }
        } else {
-               rc = ldap_connect_to_host( sb, NULL, htonl( INADDR_LOOPBACK ),
+               rc = ldap_connect_to_host( ld, sb, 0, htonl( INADDR_LOOPBACK ),
                    defport, async );
        }
 
@@ -252,6 +252,20 @@ open_ldap_connection( LDAP *ld, Sockbuf *sb, const char *host, int defport,
    
        ber_pvt_sb_set_io( sb, &ber_pvt_sb_io_tcp, NULL );
 
+#ifdef HAVE_TLS
+       if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ) {
+               /*
+                * Fortunately, the lib uses blocking io...
+                */
+               if ( ldap_pvt_tls_connect( sb, ld->ld_options.ldo_tls_ctx ) < 
+                    0 ) {
+                       return -1;
+               }
+               /* FIXME: hostname of server must be compared with name in
+                * certificate....
+                */
+       }
+#endif
        if ( krbinstancep != NULL ) {
 #ifdef HAVE_KERBEROS
                char *c;