X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Ftls2.c;h=3c440e9e518a3a9cc6e6c6bd958d62770b1af345;hb=e22dc83ac096d1239a6903199f5dc3231b0f444b;hp=871ffe574c0f444c1a57e9bbd09e29aeedefa193;hpb=efba08cb53a8230a18f0b751b5bdb5def09d859c;p=openldap
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 871ffe574c..3c440e9e51 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -434,11 +434,14 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
 if ( err < 0 ) {
- char buf[256];
 if ( update_flags( sb, ssl, err )) return 1;
- Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
- tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 );
+ if ( DebugTest( LDAP_DEBUG_ANY ) ) {
+ char buf[256], *msg;
+ msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
+ Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
+ msg ? msg : "(unknown)", 0, 0 );
+ }
 ber_sockbuf_remove_io( sb, tls_imp->ti_sbio, LBER_SBIOD_LEVEL_TRANSPORT );
@@ -559,6 +562,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
 } return ldap_pvt_tls_set_option( ld, option, &i ); }
+#ifdef HAVE_OPENSSL_CRL
 case LDAP_OPT_X_TLS_CRLCHECK: /* OpenSSL only */ i = -1; if ( strcasecmp( arg, "none" ) == 0 ) {
@@ -572,6 +576,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
 return ldap_pvt_tls_set_option( ld, option, &i ); } return -1;
+#endif
 } return -1; }
@@ -647,7 +652,7 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
 case LDAP_OPT_X_TLS_PROTOCOL_MIN: *(int *)arg = lo->ldo_tls_protocol_min; break;
- case LDAP_OPT_X_TLS_RANDOM_FILE: /* OpenSSL only */
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
 *(char **)arg = lo->ldo_tls_randfile ? LDAP_STRDUP( lo->ldo_tls_randfile ) : NULL; break;
@@ -763,6 +768,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 return 0; } return -1;
+#ifdef HAVE_OPENSSL_CRL
 case LDAP_OPT_X_TLS_CRLCHECK: /* OpenSSL only */ if ( !arg ) return -1; switch( *(int *) arg ) {
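Review bot: In the `ldap_pvt_tls_accept` hunk (`@@ -434,11 +434,14 @@`), the new fallback `msg ? msg : "(unknown)"` logs nothing that identifies the failure when `ti_session_errmsg` returns NULL, although `err` is still in scope. Failed TLS accepts are something operators triage from the log, so I would put the raw code into the message using the spare argument: `Debug( LDAP_DEBUG_ANY, "TLS: can't accept: %s (%d).\n", msg ? msg : "(unknown)", err, 0 );`. A one-line comment above the `DebugTest` guard, saying that the message lookup is skipped when this debug level is off and that the lookup may return NULL, would also help the next reader. The function body starts and ends outside the hunk.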
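Review bot: With `HAVE_OPENSSL_CRL` undefined, the `LDAP_OPT_X_TLS_CRLCHECK` case in `ldap_int_tls_config` (opened at `@@ -559,6 +562,7 @@`, closed by the `#endif` at `@@ -572,6 +576,7 @@`) is compiled out and the option reaches the final `return -1`, the same result a malformed value gets. The guarded case in `ldap_pvt_tls_set_option` (`@@ -763,6 +768,7 @@` and `@@ -773,6 +779,7 @@`) presumably behaves the same way, though the end of that switch is not in the diff. Because this option controls certificate revocation checking, a build without CRL support should be distinguishable from a bad argument; whether callers report the -1 is not visible here. I would at least add a comment at each `#ifdef`, e.g. `/* without HAVE_OPENSSL_CRL the option is rejected below with -1 */`, and update the retained `/* OpenSSL only */` to name the macro.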
@@ -773,6 +779,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 return 0; } return -1;
+#endif
 case LDAP_OPT_X_TLS_CIPHER_SUITE: if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite ); lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
@@ -782,14 +789,12 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 if ( !arg ) return -1; lo->ldo_tls_protocol_min = *(int *)arg; return 0;
-
- case LDAP_OPT_X_TLS_RANDOM_FILE: /* OpenSSL only */
+ case LDAP_OPT_X_TLS_RANDOM_FILE:
 if ( ld != NULL ) return -1; if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile ); lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; break;
-
 case LDAP_OPT_X_TLS_NEWCTX: if ( !arg ) return -1; if ( lo->ldo_tls_ctx )
@@ -870,8 +875,9 @@ ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func,
 struct berval der_dn; int rc;
- tls_imp->ti_session_my_dn( session, &der_dn );
- rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
+ rc = tls_imp->ti_session_my_dn( session, &der_dn );
+ if ( rc == LDAP_SUCCESS )
+ rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
 return rc; } #endif /* HAVE_TLS */
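Review bot: In `ldap_pvt_tls_get_my_dn` (`@@ -870,8 +875,9 @@`), when `ti_session_my_dn` fails the function now returns without ever writing `dn`, so a caller that reads the berval without checking the return value sees whatever it held before; the callers are outside this diff. I would either clear it on that path, e.g. `if ( rc != LDAP_SUCCESS ) { BER_BVZERO( dn ); return rc; }` (assuming that macro is in scope in this file), or add a header comment stating that `dn` is valid only when the function returns LDAP_SUCCESS. The new `if` also guards an unbraced statement; braces would keep a later added line from running unconditionally. The start of the function is outside the hunk.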