/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <stdio.h>
#include <ac/socket.h>
-
-#include <ldap_pvt.h>
+#include <ac/string.h>
#include "slap.h"
+#include "lber_pvt.h"
-#ifdef HAVE_TLS
+const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS);
+#ifdef HAVE_TLS
int
starttls_extop ( Operation *op, SlapReply *rs )
{
- void *ctx;
int rc;
+ Statslog( LDAP_DEBUG_STATS, "%s STARTTLS\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
if ( op->ore_reqdata != NULL ) {
/* no request data should be provided */
rs->sr_text = "no request data expected";
( op->o_conn->c_dn.bv_len != 0 ) )
{
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu AUTHZ anonymous mech=starttls ssf=0\n",
- op->o_connid, op->o_opid, 0, 0, 0 );
+ "%s AUTHZ anonymous mech=starttls ssf=0\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
/* force to anonymous */
connection2anonymous( op->o_conn );
}
/* fail if TLS could not be initialized */
- if (ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &ctx ) != 0
- || ctx == NULL)
- {
+ if ( slap_tls_ctx == NULL ) {
if (default_referral != NULL) {
/* caller will put the referral in the result */
rc = LDAP_REFERRAL;
/* give up connection lock */
ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- /*
- * RACE CONDITION: we give up lock before sending result
+ /* FIXME: RACE CONDITION! we give up lock before sending result
* Should be resolved by reworking connection state, not
* by moving send here (so as to ensure proper TLS sequencing)
*/