if ( err < 0 )
{
- char buf[256];
if ( update_flags( sb, ssl, err )) return 1;
- Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
- tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 );
+ if ( DebugTest( LDAP_DEBUG_ANY ) ) {
+ char buf[256], *msg;
+ msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
+ Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
+ msg ? msg : "(unknown)", 0, 0 );
+ }
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
}
return ldap_pvt_tls_set_option( ld, option, &i );
}
+#ifdef HAVE_OPENSSL_CRL
case LDAP_OPT_X_TLS_CRLCHECK: /* OpenSSL only */
i = -1;
if ( strcasecmp( arg, "none" ) == 0 ) {
return ldap_pvt_tls_set_option( ld, option, &i );
}
return -1;
+#endif
}
return -1;
}
case LDAP_OPT_X_TLS_PROTOCOL_MIN:
*(int *)arg = lo->ldo_tls_protocol_min;
break;
- case LDAP_OPT_X_TLS_RANDOM_FILE: /* OpenSSL only */
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
*(char **)arg = lo->ldo_tls_randfile ?
LDAP_STRDUP( lo->ldo_tls_randfile ) : NULL;
break;
return 0;
}
return -1;
+#ifdef HAVE_OPENSSL_CRL
case LDAP_OPT_X_TLS_CRLCHECK: /* OpenSSL only */
if ( !arg ) return -1;
switch( *(int *) arg ) {
return 0;
}
return -1;
+#endif
case LDAP_OPT_X_TLS_CIPHER_SUITE:
if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
if ( !arg ) return -1;
lo->ldo_tls_protocol_min = *(int *)arg;
return 0;
-
- case LDAP_OPT_X_TLS_RANDOM_FILE: /* OpenSSL only */
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
if ( ld != NULL )
return -1;
if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile );
lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
break;
-
case LDAP_OPT_X_TLS_NEWCTX:
if ( !arg ) return -1;
if ( lo->ldo_tls_ctx )
struct berval der_dn;
int rc;
- tls_imp->ti_session_my_dn( session, &der_dn );
- rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
+ rc = tls_imp->ti_session_my_dn( session, &der_dn );
+ if ( rc == LDAP_SUCCESS )
+ rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
return rc;
}
#endif /* HAVE_TLS */