Assume TLS is properly configured if any one of

keyfile, certfile, cacertfile, or cacertdir is
provided.  Note that TLS can be properly configured
without any of these when non-X.509 cipher suites
are used, so this might have be rethought.

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 093d3360efa3e3604be1ba5c2d6e680c2024800c..6774fed54d4ce76bea6e1523d828af5b4ce42880 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -206,8 +206,11 @@ ldap_pvt_tls_init_def_ctx( void )
 #ifdef LDAP_R_COMPILE
        ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
 #endif
-       if (( !cacertfile && !cacertdir ) || !certfile || !keyfile )
+
+       if ( !certfile && !keyfile && !cacertfile && !cacertdir ) {
+               /* minimum configuration not provided */
                return LDAP_NOT_SUPPORTED;
+       }
 
 #ifdef HAVE_EBCDIC
        /* This ASCII/EBCDIC handling is a real pain! */