Add TLS options to bindconf struct

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 2598291bc5ab157f48c2e1d71a7f583b00a54dbe..de523df14285ad8bd6696339b2dcd51751ffba2a 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1034,6 +1034,17 @@ static slap_cf_aux_table bindkey[] = {
        { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
        { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
        { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
+#ifdef HAVE_TLS
+       { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
+       { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
+       { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
+       { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
+       { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL },
+       { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL },
+#ifdef HAVE_OPENSSL_CRL
+       { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL },
+#endif
+#endif
        { BER_BVNULL, 0, 0, 0, NULL }
 };
 
@@ -1243,6 +1254,38 @@ void bindconf_free( slap_bindconf *bc ) {
                ch_free( bc->sb_authzId.bv_val );
                BER_BVZERO( &bc->sb_authzId );
        }
+#ifdef HAVE_TLS
+       if ( bc->sb_tls_cert ) {
+               ch_free( bc->sb_tls_cert );
+               bc->sb_tls_cert = NULL;
+       }
+       if ( bc->sb_tls_key ) {
+               ch_free( bc->sb_tls_key );
+               bc->sb_tls_key = NULL;
+       }
+       if ( bc->sb_tls_cacert ) {
+               ch_free( bc->sb_tls_cacert );
+               bc->sb_tls_cacert = NULL;
+       }
+       if ( bc->sb_tls_cacertdir ) {
+               ch_free( bc->sb_tls_cacertdir );
+               bc->sb_tls_cacertdir = NULL;
+       }
+       if ( bc->sb_tls_reqcert ) {
+               ch_free( bc->sb_tls_reqcert );
+               bc->sb_tls_reqcert = NULL;
+       }
+       if ( bc->sb_tls_cipher_suite ) {
+               ch_free( bc->sb_tls_cipher_suite );
+               bc->sb_tls_cipher_suite = NULL;
+       }
+#ifdef HAVE_OPENSSL_CRL
+       if ( bc->sb_tls_crlcheck ) {
+               ch_free( bc->sb_tls_crlcheck );
+               bc->sb_tls_crlcheck = NULL;
+       }
+#endif
+#endif
 }
 
 

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index bf9eb8a26308fb3af87f095f014f2ac0da2680fd..cff8f0bfb4a313b1c64679bae1e0981e5399726f 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1520,6 +1520,17 @@ typedef struct slap_bindconf {
        struct berval sb_realm;
        struct berval sb_authcId;
        struct berval sb_authzId;
+#ifdef HAVE_TLS
+       char *sb_tls_cert;
+       char *sb_tls_key;
+       char *sb_tls_cacert;
+       char *sb_tls_cacertdir;
+       char *sb_tls_reqcert;
+       char *sb_tls_cipher_suite;
+#ifdef HAVE_OPENSSL_CRL
+       char *sb_tls_crlcheck;
+#endif
+#endif
 } slap_bindconf;
 
 struct slap_replica_info {