break;
}
-#ifdef HAVE_CYRUS_SASL
- if( sasl_host != NULL ) {
- ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
- }
-#endif
-
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
{
++conn->lconn_refcnt; /* avoid premature free */
- rc = ldap_int_tls_start( ld, conn );
+ rc = ldap_int_tls_start( ld, conn, srv );
--conn->lconn_refcnt;
}
#endif
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_host != NULL ) {
+ ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
+ }
+#endif
+
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if ( conn->lconn_krbinstance == NULL ) {
char *c;
if ( ctx_arg ) {
ctx = (SSL_CTX *) ctx_arg;
} else {
- if ( ldap_pvt_tls_init_def_ctx() < 0 )
- return NULL;
+ if ( ldap_pvt_tls_init_def_ctx() < 0 ) return NULL;
ctx = tls_def_ctx;
}
ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
{
Sockbuf *sb = conn->lconn_sb;
- void *ctx = ld->ld_defconn->lconn_tls_ctx;
-
int err;
SSL *ssl;
if ( HAS_TLS( sb ) ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+
} else {
+ void *ctx = ld->ld_defconn
+ ? ld->ld_defconn->lconn_tls_ctx : NULL;
+
ssl = alloc_handle( ctx );
- if ( ssl == NULL )
- return -1;
+
+ if ( ssl == NULL ) return -1;
+
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
#endif
ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_tls,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+
+ if( ctx == NULL ) {
+ conn->lconn_tls_ctx = tls_def_ctx;
+ }
}
err = SSL_connect( ssl );
errno = WSAGetLastError();
#endif
if ( err <= 0 ) {
- if ( update_flags( sb, ssl, err ))
+ if ( update_flags( sb, ssl, err )) {
return 1;
+ }
if ((err = ERR_peek_error())) {
char buf[256];
ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
#endif
return -1;
}
+
return 0;
}
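Review bot: The new `if( ctx == NULL ) { conn->lconn_tls_ctx = tls_def_ctx; }` block after the ber_sockbuf_add_io call deserves a why-comment, because the reader has to go to alloc_handle() (changed in the same commit) to learn that a NULL ctx makes it fall back to tls_def_ctx, so the assignment is recording the context the handle was actually built with; something like `/* no per-ld ctx yet: alloc_handle() used tls_def_ctx, remember it on the conn */` would do. Note that when ctx was taken from ld->ld_defconn the connection's lconn_tls_ctx is left untouched, which is fine if conn is ld_defconn itself but is not established by the hunk for any other conn; if that case can occur, `conn->lconn_tls_ctx = ctx ? ctx : tls_def_ctx;` would make the record unconditional. The error branch that follows is unchanged context, but `ld->ld_error = LDAP_STRDUP(...)` still overwrites any earlier ld_error without freeing it. The function ends at the `return 0;` shown, but parts of the body (the HAVE_WINSOCK region) are elided on this page.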
}
int
-ldap_int_tls_start ( LDAP *ld, LDAPConn *conn )
+ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
{
Sockbuf *sb = conn->lconn_sb;
- char *host = conn->lconn_server->lud_host;
void *ctx = ld->ld_defconn->lconn_tls_ctx;
-
+ char *host;
char *peer_cert_cn;
void *ssl;
+ if( srv ) {
+ host = srv->lud_host;
+ } else {
+ host = conn->lconn_server->lud_host;
+ }
+
(void) ldap_pvt_tls_init();
/*
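Review bot: The unchanged `void *ctx = ld->ld_defconn->lconn_tls_ctx;` at the top of ldap_int_tls_start dereferences ld->ld_defconn unconditionally, while the same commit adds a NULL guard on ld->ld_defconn in ldap_int_tls_connect; since this function is now called from the connection-open path with srv, it is likely the case the guard exists for can reach here too, and the line should become `void *ctx = ld->ld_defconn ? ld->ld_defconn->lconn_tls_ctx : NULL;`. The new host selection also takes `srv->lud_host` even when that field is NULL (a URL with no host part) instead of falling back to `conn->lconn_server->lud_host`; if host feeds the peer-name check implied by `peer_cert_cn`, consider `host = ( srv && srv->lud_host ) ? srv->lud_host : conn->lconn_server->lud_host;` or an explicit NULL-host failure so the check cannot be silently skipped. The body of ldap_int_tls_start continues outside the hunk.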
ber_bvfree( rspdata );
}
- rc = ldap_int_tls_start( ld, ld->ld_defconn );
+ rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
#else
rc = LDAP_NOT_SUPPORTED;
#endif