]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c4f5497)
Rework tls check
authorKurt Zeilenga <kurt@openldap.org>
Mon, 25 Jun 2001 18:20:14 +0000 (18:20 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Mon, 25 Jun 2001 18:20:14 +0000 (18:20 +0000)
Needs to be connection specific

libraries/libldap/tls.c patch | blob | history

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index d048608821f649e006f0720154b616f94bf41431..82d40ac70a4bbea204198bd7aaa07b3c19b5c85e 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -954,9 +954,8 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 int
 ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 {
-#if 0
+       char *ld_host = ld->ld_conns->lconn_server->lud_host;
        char *peer_cert_cn;
-#endif
        void *ssl;
 
        (void) ldap_pvt_tls_init();
@@ -971,7 +970,6 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
        ssl = (void *) ldap_pvt_tls_sb_handle( sb );
        assert( ssl != NULL );
 
-#if 0
        /* 
         * compare host with name in certificate 
         */
@@ -985,16 +983,15 @@ ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
                return LDAP_LOCAL_ERROR;
        }
 
-       if ( strcasecmp( ld->ld_host, peer_cert_cn ) != 0 ) {
+       if ( strcasecmp( ld_host, peer_cert_cn ) != 0 ) {
                Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
                        "common name in certificate (%s).\n", 
-                       ld->ld_host, peer_cert_cn, 0 );
+                       ld_host, peer_cert_cn, 0 );
                LDAP_FREE( peer_cert_cn );
                return LDAP_CONNECT_ERROR;
        }
 
        LDAP_FREE( peer_cert_cn );
-#endif
 
        /*
         * set SASL properties to TLS ssf and authid
Cloned from git://git.openldap.org/openldap.git