ITS#399: timelimit/timeout handling

[openldap] / libraries / libldap / tls.c

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 3373d822fc35a37501b91b06f3376dc1a6371e65..ba0a9e69474091dae2251d4940ca57bf8b6526d8 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -110,6 +110,7 @@ ldap_pvt_tls_init( void )
 
        if ( tls_initialized )
                return -1;
+       tls_initialized = 1;
 #ifdef LDAP_R_COMPILE
        tls_init_threads();
 #endif
@@ -147,25 +148,28 @@ ldap_pvt_tls_init_def_ctx( void )
                        tls_report_error();
                        goto error_exit;
                }
-               if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
-                                                    tls_opt_cacertfile,
-                                                    tls_opt_cacertdir ) ||
-                    !SSL_CTX_set_default_verify_paths( tls_def_ctx ) ) {
-                       Debug( LDAP_DEBUG_ANY,
-               "TLS: could not load verify locations (file:`%s',dir:`%s').\n",
-                              tls_opt_cacertfile,tls_opt_cacertdir,0);
-                       tls_report_error();
-                       goto error_exit;
-               }
-               calist = get_ca_list( tls_opt_cacertfile, tls_opt_cacertdir );
-               if ( !calist ) {
-                       Debug( LDAP_DEBUG_ANY,
-               "TLS: could not load client CA list (file:`%s',dir:`%s').\n",
-                              tls_opt_cacertfile,tls_opt_cacertdir,0);
-                       tls_report_error();
-                       goto error_exit;
+               if (tls_opt_cacertfile != NULL || tls_opt_cacertdir != NULL) {
+                       if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
+                                                            tls_opt_cacertfile,
+                                                            tls_opt_cacertdir )
+                            || !SSL_CTX_set_default_verify_paths( tls_def_ctx ) )
+                       {
+                               Debug( LDAP_DEBUG_ANY,
+                       "TLS: could not load verify locations (file:`%s',dir:`%s').\n",
+                                      tls_opt_cacertfile,tls_opt_cacertdir,0);
+                               tls_report_error();
+                               goto error_exit;
+                       }
+                       calist = get_ca_list( tls_opt_cacertfile, tls_opt_cacertdir );
+                       if ( !calist ) {
+                               Debug( LDAP_DEBUG_ANY,
+                       "TLS: could not load client CA list (file:`%s',dir:`%s').\n",
+                                      tls_opt_cacertfile,tls_opt_cacertdir,0);
+                               tls_report_error();
+                               goto error_exit;
+                       }
+                       SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
                }
-               SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
                if ( tls_opt_keyfile &&
                     !SSL_CTX_use_PrivateKey_file( tls_def_ctx,
                                                   tls_opt_keyfile,
@@ -208,6 +212,10 @@ ldap_pvt_tls_init_def_ctx( void )
 #endif
        return 0;
 error_exit:
+       if ( tls_def_ctx != NULL ) {
+               SSL_CTX_free( tls_def_ctx );
+               tls_def_ctx = NULL;
+       }
 #ifdef LDAP_R_COMPILE
        ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
 #endif
@@ -352,6 +360,14 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
        return 0;
 }
 
+int
+ldap_pvt_tls_inplace ( Sockbuf *sb )
+{
+       if ( HAS_TLS( sb ) )
+               return(1);
+       return(0);
+}
+
 const char *
 ldap_pvt_tls_get_peer( LDAP *ld )
 {
@@ -493,6 +509,24 @@ ldap_pvt_tls_set_option( struct ldapoptions *lo, int option, void *arg )
        return 0;
 }
 
+int
+ldap_pvt_tls_start ( Sockbuf *sb, void *ctx_arg )
+{
+       /*
+        * Fortunately, the lib uses blocking io...
+        */
+       if ( ldap_pvt_tls_connect( sb, ctx_arg ) < 0 ) {
+               return LDAP_CONNECT_ERROR;
+       }
+
+       /* FIXME: hostname of server must be compared with name in
+        * certificate....
+        */
+
+       return LDAP_SUCCESS;
+}
+
+
 static int
 tls_setup( Sockbuf *sb, void *arg )
 {