case LDAP_OPT_X_TLS_CERTFILE:
case LDAP_OPT_X_TLS_KEYFILE:
case LDAP_OPT_X_TLS_RANDOM_FILE:
- return ldap_pvt_tls_set_option( NULL, option, (void *) arg );
+ return ldap_pvt_tls_set_option( ld, option, (void *) arg );
case LDAP_OPT_X_TLS_REQUIRE_CERT:
i = ( ( strcasecmp( arg, "on" ) == 0 ) ||
( strcasecmp( arg, "yes" ) == 0) ||
( strcasecmp( arg, "true" ) == 0 ) );
- return ldap_pvt_tls_set_option( NULL, option, (void *) &i );
+ return ldap_pvt_tls_set_option( ld, option, (void *) &i );
case LDAP_OPT_X_TLS:
i = -1;
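Review bot: In the `LDAP_OPT_X_TLS_REQUIRE_CERT` case, any value other than `on`, `yes` or `true` is silently mapped to 0, so a misspelled setting turns the certificate requirement off without any diagnostic. Now that the result is stored on the handle `ld`, the parse should fail closed: accept `off`, `no` and `false` explicitly and return this function's error value for anything else instead of calling `ldap_pvt_tls_set_option`. A short comment on the first changed `return` would also help, e.g. `/* applies to this handle only, not the library-wide default */`, because the switch from `NULL` to `ld` changes the scope of the file and certificate options. Whether `ld` can be NULL on this path is not visible here, as the enclosing switch and function start outside the hunk.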
ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
{
Sockbuf *sb = conn->lconn_sb;
- void *ctx = ld->ld_defconn->lconn_tls_ctx;
char *host;
void *ssl;
- int ret;
if( srv ) {
host = srv->lud_host;
* Fortunately, the lib uses blocking io...
*/
if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
- return LDAP_CONNECT_ERROR;
+ ld->ld_errno = LDAP_CONNECT_ERROR;
+ return (ld->ld_errno);
}
ssl = (void *) ldap_pvt_tls_sb_ctx( sb );
assert( ssl != NULL );
/*
- * compare host with name(s) in certificate
+ * compare host with name(s) in certificate. avoid NULL host
*/
- ret = ldap_pvt_tls_check_hostname( ssl, host );
- if (ret != LDAP_SUCCESS)
- return ret;
+ if( host == NULL )
+ host = "localhost";
+ ld->ld_errno = ldap_pvt_tls_check_hostname( ssl, host );
+ if (ld->ld_errno != LDAP_SUCCESS) {
+ return ld->ld_errno;
+ }
/*
* set SASL properties to TLS ssf and authid
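Review bot: The new `if( host == NULL ) host = "localhost";` fallback makes the peer certificate be checked against the literal name `localhost` whenever no host was supplied, which is only sound if the connection really went to the local machine. That is not established in this hunk, since the branch that sets `host` when `srv` is NULL lies outside it. So either state the assumption in the comment, e.g. `/* no host given: peer is assumed local, so verify the certificate as "localhost" */`, or fail with an error rather than substituting a name. Separately, `assert( ssl != NULL )` above the check disappears under `NDEBUG`, so release builds pass an unchecked `ssl` to `ldap_pvt_tls_check_hostname`; an explicit `if ( ssl == NULL ) { ld->ld_errno = LDAP_CONNECT_ERROR; return ld->ld_errno; }` would keep the failure path consistent with the rest of the change.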
ssf = ldap_pvt_tls_get_strength( ssl );
authid = ldap_pvt_tls_get_peer( ssl );
- (void) ldap_int_sasl_external( ld, authid, ssf );
+ (void) ldap_int_sasl_external( ld, conn, authid, ssf );
}
return LDAP_SUCCESS;