ldap_pvt_str2lower LDAP_P(( char *str ));
/* tls.c */
-LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
-LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld,
- Sockbuf *sb, void *ctx_arg ));
-LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
-LDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
-LDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
-LDAP_F (char *) ldap_pvt_tls_get_peer LDAP_P(( void *handle ));
-LDAP_F (char *) ldap_pvt_tls_get_peer_dn LDAP_P(( void *handle ));
-LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *handle ));
-LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
-LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld,
- Sockbuf *sb, void *ctx_arg ));
LDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldap *ld,
int option, void *arg ));
LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldap *ld,
int option, void *arg ));
+LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
+LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
+LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
+LDAP_F (void *) ldap_pvt_tls_get_ctx LDAP_P(( Sockbuf *sb ));
+
+LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
+
+LDAP_F (char *) ldap_pvt_tls_get_peer LDAP_P(( void *ctx ));
+LDAP_F (char *) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx ));
+LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
+
LDAP_END_DECL
#include "ldap_pvt_uc.h"
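Review bot: The new declaration on L22 names the accessor `ldap_pvt_tls_get_ctx`, but the tls.c hunk defines it as `ldap_pvt_tls_sb_ctx` and both call sites in this diff (`ldap_int_tls_start` and slapd's connection.c) use that spelling, so the header prototypes a function that does not exist while the one actually called is undeclared. On compilers that still accept implicit declarations the call is treated as returning `int`, and the `(void *)` casts at the call sites then truncate the SSL pointer on 64-bit targets. The declaration should read `LDAP_F (void *) ldap_pvt_tls_sb_ctx LDAP_P(( Sockbuf *sb ));`. Also, `ldap_pvt_tls_get_peer`, `get_peer_dn` and `get_strength` now call their argument `ctx` although, judging from `ldap_int_tls_start`, it is the per-socket SSL handle returned by that accessor rather than the `SSL_CTX` kept in `lconn_tls_ctx`; a one-line comment distinguishing the two would prevent callers passing one for the other.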
LDAP_F (int) ldap_int_tls_config LDAP_P(( LDAP *ld,
int option, const char *arg ));
+LDAP_F (int) ldap_int_tls_start LDAP_P(( LDAP *ld,
+ LDAPConn *conn ));
+
LDAP_END_DECL
#endif /* _LDAP_INT_H */
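Review bot: `ldap_int_tls_start` is added to the internal header with no statement of its preconditions, yet per the tls.c hunk it dereferences `ld->ld_defconn` for the TLS context and `conn->lconn_server->lud_host` for the hostname check, so a caller with an unset default connection or a host-less URL will crash rather than get an error. A comment such as `/* Start TLS on conn. Requires ld->ld_defconn to be set (its lconn_tls_ctx is used) and conn->lconn_server->lud_host to be non-NULL; returns LDAP_CONNECT_ERROR on handshake failure or certificate name mismatch. */` would make the contract visible to the open.c and request paths that call it. If the intended context source is actually the connection's own `lconn_tls_ctx`, the comment should say so and the implementation be changed to match.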
if (ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
strcmp( srv->lud_scheme, "ldaps" ) == 0 )
{
- LDAPConn *savedefconn = ld->ld_defconn;
++conn->lconn_refcnt; /* avoid premature free */
- ld->ld_defconn = conn;
- rc = ldap_pvt_tls_start( ld, conn->lconn_sb,
- conn->lconn_tls_ctx );
+ rc = ldap_int_tls_start( ld, conn );
- ld->ld_defconn = savedefconn;
--conn->lconn_refcnt;
if (rc != LDAP_SUCCESS) {
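Review bot: Dropping the `savedefconn` swap on L42/L44/L48 is not behaviour-neutral, because the replacement callee (`ldap_int_tls_start` in the tls.c hunk) now takes its TLS context from `ld->ld_defconn->lconn_tls_ctx` instead of the `conn->lconn_tls_ctx` argument the old call passed explicitly. When this runs for the first connection of an `ldaps://` or TLS_HARD session `ld_defconn` is presumably still unset — the removed lines pointed it at `conn` for exactly this call — so the new code dereferences NULL, and for any later connection (a referral target, say) the TLS configuration silently becomes that of the default connection rather than this one. Either keep the save/set/restore lines around `rc = ldap_int_tls_start( ld, conn );`, or make `ldap_int_tls_start` read `conn->lconn_tls_ctx` so the per-connection context is honoured and the swap is genuinely unnecessary. The enclosing function begins and ends outside this hunk.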
default:
#ifdef HAVE_TLS
- if ( ldap_pvt_tls_set_option( lo, option, (void *)invalue ) == 0 )
+ if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 )
return LDAP_OPT_SUCCESS;
#endif
#ifdef HAVE_CYRUS_SASL
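Review bot: Passing `ld` instead of `lo` on L54 matches the prototype (`struct ldap *ld`), but it changes what the callee receives when `ldap_set_option` is called with a NULL handle to set process-wide defaults — if this function follows the usual libldap pattern of resolving `lo` to the global option set in that case, the old call never saw NULL while `ldap_pvt_tls_set_option` now does. Unless that function is known to perform the same NULL-to-global resolution itself, the TLS options either crash or cannot be set globally; the callee should do the resolution explicitly, or the call should stay `ldap_pvt_tls_set_option( lo, ... )` with its prototype changed to take the options struct. The surrounding switch starts and ends outside this hunk.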
* and call again.
*/
-int
-ldap_pvt_tls_connect( LDAP *ld, Sockbuf *sb, void *ctx_arg )
+static int
+ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
{
+ Sockbuf *sb = conn->lconn_sb;
+ void *ctx = ld->ld_defconn->lconn_tls_ctx;
+
int err;
SSL *ssl;
if ( HAS_TLS( sb ) ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
} else {
- ssl = alloc_handle( ctx_arg );
+ ssl = alloc_handle( ctx );
if ( ssl == NULL )
return -1;
#ifdef LDAP_DEBUG
}
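Review bot: `ldap_int_tls_connect` now fetches the context from `ld->ld_defconn->lconn_tls_ctx` (L66) although it receives `conn` and previously took the context as an explicit argument; the connection being set up is not necessarily the default one, and if `ld_defconn` is NULL here (the open.c hunk removed the code that pointed it at `conn` before this call) this is a NULL dereference before any TLS state exists. `void *ctx = conn->lconn_tls_ctx;` keeps the old semantics, assuming new connections carry their `lconn_tls_ctx` the way the old argument did; if they may not, the fallback should be spelled out with a guard, e.g. `if ( ld->ld_defconn == NULL ) return -1;` before reading through it, rather than left to a crash. The function's body continues past the end of this hunk.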
void *
-ldap_pvt_tls_sb_handle( Sockbuf *sb )
+ldap_pvt_tls_sb_ctx( Sockbuf *sb )
{
void *p;
return NULL;
}
-void *
-ldap_pvt_tls_get_handle( LDAP *ld )
-{
- return ldap_pvt_tls_sb_handle( ld->ld_sb );
-}
-
int
ldap_pvt_tls_get_strength( void *s )
{
}
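Review bot: The renamed accessor `ldap_pvt_tls_sb_ctx` (L81) is spelled `ldap_pvt_tls_get_ctx` in the ldap_pvt.h hunk (L22), so the name actually called from `ldap_int_tls_start` and from slapd's connection.c has no prototype; one of the two must change, and the definition here is the one the call sites agree with. The `_ctx` suffix is also misleading: what `ldap_int_tls_start` retrieves through it and passes to `ldap_pvt_tls_get_strength` is presumably the per-socket `SSL` object (the connect helper obtains the same thing via `LBER_SB_OPT_GET_SSL`), whereas `lconn_tls_ctx` holds the `SSL_CTX` it was created from. A header comment such as `/* Return the SSL handle installed on sb, or NULL if sb has no TLS layer; this is not the SSL_CTX kept in LDAPConn.lconn_tls_ctx. */` would keep future callers from confusing the two. The function body between L82 and L84 is not fully shown here.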
int
-ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
+ldap_int_tls_start ( LDAP *ld, LDAPConn *conn )
{
- char *ld_host = ld->ld_conns->lconn_server->lud_host;
+ Sockbuf *sb = conn->lconn_sb;
+ char *host = conn->lconn_server->lud_host;
+ void *ctx = ld->ld_defconn->lconn_tls_ctx;
+
char *peer_cert_cn;
void *ssl;
/*
* Fortunately, the lib uses blocking io...
*/
- if ( ldap_pvt_tls_connect( ld, sb, ctx_arg ) < 0 ) {
+ if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
return LDAP_CONNECT_ERROR;
}
- ssl = (void *) ldap_pvt_tls_sb_handle( sb );
+ ssl = (void *) ldap_pvt_tls_sb_ctx( sb );
assert( ssl != NULL );
/*
return LDAP_LOCAL_ERROR;
}
- if ( strcasecmp( ld_host, peer_cert_cn ) != 0 ) {
+ if ( strcasecmp( host, peer_cert_cn ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%s).\n",
- ld_host, peer_cert_cn, 0 );
+ host, peer_cert_cn, 0 );
LDAP_FREE( peer_cert_cn );
return LDAP_CONNECT_ERROR;
}
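Review bot: `host` on L102 comes straight from `conn->lconn_server->lud_host` and reaches `strcasecmp` on L121 and `Debug` with `%s` on L125 without a NULL check; a URL written without a host part plausibly leaves `lud_host` NULL (any default substitution happens elsewhere, not here), which is undefined behaviour in the comparison and crashes the client instead of cleanly refusing the connection. Add before the comparison: `if ( host == NULL ) { LDAP_FREE( peer_cert_cn ); return LDAP_CONNECT_ERROR; }`. Separately, the check still matches only the certificate CN with a case-insensitive exact compare, so subjectAltName-only certificates and wildcard CNs are rejected — worth a comment stating that limitation if it is intentional. The TLS context on L103 is taken from `ld->ld_defconn` rather than `conn`, as already noted for the connect helper. The function starts at L98 but its body extends beyond this hunk.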
LDAPControl **serverctrls,
LDAPControl **clientctrls )
{
-#ifdef HAVE_TLS
int rc;
+
+#ifdef HAVE_TLS
char *rspoid = NULL;
struct berval *rspdata = NULL;
ber_bvfree( rspdata );
}
- rc = ldap_pvt_tls_start( ld, ld->ld_sb,
- ld->ld_defconn->lconn_tls_ctx );
-
- return rc;
+ rc = ldap_int_tls_start( ld, ld->ld_defconn );
#else
- return LDAP_NOT_SUPPORTED;
+ rc = LDAP_NOT_SUPPORTED;
#endif
+ return rc;
}
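Review bot: A failed `ldap_int_tls_start` on L144 returns its error, but by then the server has already accepted the StartTLS extended operation (the `rspoid`/`rspdata` handling above), so the connection is neither usable in plaintext by the server's reckoning nor protected; nothing in the hunk marks `ld->ld_defconn` as unusable, and a caller that ignores the return and keeps issuing requests would do so in the clear on a half-negotiated socket. A comment at the call site should make that explicit, e.g. `/* StartTLS was accepted by the server; on handshake failure the connection must be abandoned (unbind), not reused in the clear. */`, and if the library has a way to flag the connection closed it belongs here. `ld->ld_defconn` is also dereferenced with no NULL check; if the preceding extended operation can fail without a connection having been opened and that failure is not returned earlier, this is a crash. The function begins before this hunk.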
c->c_needs_tls_accept = 0;
/* we need to let SASL know */
- ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
+ ssl = (void *)ldap_pvt_tls_sb_ctx( c->c_sb );
c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
if( c->c_tls_ssf > c->c_ssf ) {