} else if ( rc == 0 ) {
void *ssl;
- char *authid;
+ struct berval authid;
c->c_needs_tls_accept = 0;
c->c_ssf = c->c_tls_ssf;
}
- authid = dnX509peerNormalize( ssl );
- slap_sasl_external( c, c->c_tls_ssf, authid );
- if ( authid ) free( authid );
+ rc = dnX509peerNormalize( ssl, &authid );
+ if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_INFO,
+ "connection_read: conn %lu unable to get TLS client DN, error %d\n",
+ c->c_connid, rc));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): unable to get TLS client DN "
+ "error=%d id=%lu\n",
+ s, rc, c->c_connid );
+#endif
+ }
+ slap_sasl_external( c, c->c_tls_ssf, authid.bv_val );
+ if ( authid.bv_val ) free( authid.bv_val );
}
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
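Review bot: `authid` is declared without an initializer at the `struct berval authid;` line, yet on the `rc != LDAP_SUCCESS` path the code only logs and then falls through to `slap_sasl_external( c, c->c_tls_ssf, authid.bv_val )` and `free( authid.bv_val )`; unless ldap_pvt_tls_get_peer_dn is guaranteed to clear its output on every failure (not visible here), that passes an indeterminate pointer as the SASL EXTERNAL identity and frees it. The old code handed slap_sasl_external a NULL on failure; keeping that requires `struct berval authid = { 0, NULL };` at the declaration, and, if the callee may leave a partially filled berval behind on error, also `authid.bv_val = NULL;` inside the error branch. Assigning the normalize status into `rc` also changes what the rest of connection_read sees if `rc` is consulted after this block; that continuation, and the function's start, lie outside the hunk.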
/*
* Get the TLS session's peer's DN into a normalized LDAP DN
*/
-char *
-dnX509peerNormalize( void *ssl )
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
{
- return ldap_pvt_tls_get_peer_dn( ssl, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+
+ return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
}
#endif
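Review bot: The new out-parameter contract of dnX509peerNormalize is not documented; the header comment still only says what the DN is, not who owns it or what the return value means. I would extend the comment above the function to: `Returns LDAP_SUCCESS and fills dn (bv_val is heap-allocated, caller must free it); on any other return dn's contents should not be used.` The ownership and failure semantics are inferred from the caller's `free( authid.bv_val )`, not visible in ldap_pvt_tls_get_peer_dn itself, so confirm them against that implementation before committing the wording.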
LDAP_SLAPD_F (int) dnX509normalize LDAP_P(( void *x509_name, struct berval *out ));
-LDAP_SLAPD_F (char *) dnX509peerNormalize LDAP_P(( void *ssl ));
+LDAP_SLAPD_F (int) dnX509peerNormalize LDAP_P(( void *ssl, struct berval *dn ));
/*
* entry.c