Fix --without-tls (ITS#4975). Enable certificate matching.
authorHallvard Furuseth <hallvard@openldap.org>
Sun, 20 May 2007 22:48:21 +0000 (22:48 +0000)
committerHallvard Furuseth <hallvard@openldap.org>
Sun, 20 May 2007 22:48:21 +0000 (22:48 +0000)
libraries/libldap/tls.c
servers/slapd/dn.c
servers/slapd/schema_init.c
tests/scripts/defines.sh
tests/scripts/test021-certificate

index ace10b7e3c6e4fbca39b6e550b8c782edd10424a..f0cda0de325db7377dc45b779d87409f4ec75ffa 100644 (file)
@@ -63,6 +63,8 @@
 #define HAS_TLS( sb )  ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
                                (void *)&sb_tls_sbio )
 
+#endif /* HAVE_TLS */
+
 /* RFC2459 minimum required set of supported attribute types
  * in a certificate DN
  */
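Review bot: The `#endif /* HAVE_TLS */` added here and the `#ifdef HAVE_TLS` re-opened after the `oids[]` table in the next hunk split one guarded region into two, but nothing says why the table now sits between them. A short comment above the table would keep a later cleanup from merging the guards again, for example `/* Built without TLS as well: certificate DN conversion is needed in every build (ITS#4975) */`. The re-opened guard is immediately followed by `#ifdef HAVE_GNUTLS`, so its closing `#endif`, which lies outside these hunks, should carry a matching `/* HAVE_TLS */` tag.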
@@ -92,6 +94,7 @@ static oid_name oids[] = {
        { BER_BVNULL, BER_BVNULL }
 };
 
+#ifdef HAVE_TLS
 #ifdef HAVE_GNUTLS
 
 typedef struct tls_cipher_suite {
index 509adb76e3ac3272a8c6bfda8706b6bdcda4a01f..cf92a72fc1c7494f063f7f4cd1982be50c1c179c 100644 (file)
@@ -1257,7 +1257,6 @@ int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
        return -1;
 }
 
-#ifdef HAVE_TLS
 /*
  * Convert an X.509 DN into a normalized LDAP DN
  */
@@ -1274,6 +1273,7 @@ dnX509normalize( void *x509_name, struct berval *out )
        return rc;
 }
 
+#ifdef HAVE_TLS
 /*
  * Get the TLS session's peer's DN into a normalized LDAP DN
  */
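Review bot: `dnX509normalize( void *x509_name, struct berval *out )` is now compiled in builds with no TLS library, yet its comment still says only "Convert an X.509 DN into a normalized LDAP DN". The `void *` parameter means the compiler cannot catch a caller passing a library name object where an encoded name is expected, or the reverse. State the expected pointee in the comment above the function, e.g. `* x509_name: struct berval * holding the DER-encoded Name`, if that is what the body takes; the body is outside these hunks, so confirm first. Names reaching this function presumably come from certificates supplied by clients, so the comment should also record what is returned for a malformed name.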
index 7bdfefe54e6552da48201ea6b05ec1a0b7d20538..965a1028c4485b1706c101392424b9539327a07a 100644 (file)
@@ -4536,12 +4536,8 @@ static slap_mrule_defs_rec mrule_defs[] = {
        {"( 2.5.13.34 NAME 'certificateExactMatch' "
                "SYNTAX 1.3.6.1.1.15.1 )",
                SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes,
-#ifdef HAVE_TLS
                NULL, certificateExactNormalize, octetStringMatch,
                octetStringIndexer, octetStringFilter,
-#else
-               NULL, NULL, NULL, NULL, NULL,
-#endif
                NULL },
 
        {"( 2.5.13.35 NAME 'certificateMatch' "
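Review bot: With the `#else` row of NULLs gone, `certificateExactNormalize` is the normalizer in every build, including builds where no TLS library is linked to decode certificates, and the values it sees are presumably ones a client can supply in a filter or an add. Its definition is outside this hunk, so confirm that it is no longer inside a `HAVE_TLS` guard and that it returns `LDAP_INVALID_SYNTAX` for truncated or malformed DER rather than reading past the value. A comment on the row such as `/* no TLS library needed since ITS#4975 */` would record why the conditional was dropped. The `certificateMatch` entry that starts on the last line continues beyond the hunk.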
index 7ae0f22e8f0cebfc456e4acc9beaaad7fee1d327..53bf7eb84347e253fd408f83c0602362124267c3 100755 (executable)
@@ -43,7 +43,6 @@ VALSORT=${AC_valsort-valsortno}
 # misc
 WITH_SASL=${AC_WITH_SASL-no}
 USE_SASL=${SLAPD_USE_SASL-no}
-WITHTLS=${AC_WITHTLS-yes}
 ACI=${AC_ACI_ENABLED-acino}
 THREADS=${AC_THREADS-threadsno}
 
index 6a1f1a512ead0fad3d441b463f7880c2afc6bb23..8a898b99fb4a70d3c35738adb42c268c709de974 100755 (executable)
@@ -304,12 +304,7 @@ fi
 
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
-if test "$WITHTLS" = no ; then 
-       echo "Certificate matching not suported without TLS"
-       LDIF=$CERTIFICATEOUT
-else
-       LDIF=$CERTIFICATETLS
-fi 
+LDIF=$CERTIFICATETLS
 
 echo "Filtering ldapsearch results..."
 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
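Review bot: `LDIF=$CERTIFICATETLS` is now the expected output for every build, so the `TLS` in the variable name no longer describes a condition, and the reason for having a single reference file disappears with the removed branch. Add a comment above the assignment, e.g. `# certificate matching no longer depends on TLS (ITS#4975); one expected result`. If `$CERTIFICATEOUT` has no other user it is now dead in tests/scripts/defines.sh, which this page does not show in full.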