Import TLS cert check fixes from HEAD

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index f31c97973c5958fb9fb7156b98cb400618e8213f..ac7fc6a987b0722570668e98caf135ba14f2a2e9 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -478,7 +478,7 @@ sb_tls_bio_read( BIO *b, char *buf, int len )
 }
 
 static int
-sb_tls_bio_write( BIO *b, char *buf, int len )
+sb_tls_bio_write( BIO *b, const char *buf, int len )
 {
        struct tls_data         *p;
        int                     ret;
@@ -491,7 +491,7 @@ sb_tls_bio_write( BIO *b, char *buf, int len )
        if ( p == NULL || p->sbiod == NULL )
                return 0;
 
-       ret = LBER_SBIOD_WRITE_NEXT( p->sbiod, buf, len );
+       ret = LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
 
        BIO_clear_retry_flags( b );
        if ( ret < 0 && errno == EWOULDBLOCK )
@@ -501,7 +501,7 @@ sb_tls_bio_write( BIO *b, char *buf, int len )
 }
 
 static long
-sb_tls_bio_ctrl( BIO *b, int cmd, long num, char *ptr )
+sb_tls_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
 {
        if ( cmd == BIO_CTRL_FLUSH ) {
                /* The OpenSSL library needs this */
@@ -517,7 +517,7 @@ sb_tls_bio_gets( BIO *b, char *buf, int len )
 }
 
 static int
-sb_tls_bio_puts( BIO *b, char *str )
+sb_tls_bio_puts( BIO *b, const char *str )
 {
        return sb_tls_bio_write( b, str, strlen( str ) );
 }
@@ -1069,9 +1069,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
        assert( ssl != NULL );
 
        /* 
-        * compare host with name(s) in certificate 
+        * compare host with name(s) in certificate. avoid NULL host
         */
 
+       if( host == NULL )
+               host = "localhost";
        ld->ld_errno = ldap_pvt_tls_check_hostname( ssl, host );
        if (ld->ld_errno != LDAP_SUCCESS) {
                return ld->ld_errno;