ITS#6053

diff --git a/CHANGES b/CHANGES
index e2adaf25b3dc2725f79f812d48981dd8d5096c8b..cb74f68f43fcb6ae2fd2df637ae655e4bd63be88 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.17 Engineering
+       Fixed libldap gnutls private key init (ITS#6053)
        Fixed slapd errno handling (ITS#6037)
        Fixed slapd global alloc handling (ITS#6054)
        Fixed slapd moduleload with static backends and modules (ITS#6016)

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 738fb36fc3b8b3a117fa3ccd09c4aece2da5dfc8..e3c82bbc6f6f68fe1c2e9d3d884e1b8553b408e4 100644 (file)
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -354,6 +354,9 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
                gnutls_x509_crt_t certs[VERIFY_DEPTH];
                unsigned int max = VERIFY_DEPTH;
 
+               rc = gnutls_x509_privkey_init( &key );
+               if ( rc ) return -1;
+
                /* OpenSSL builds the cert chain for us, but GnuTLS
                 * expects it to be present in the certfile. If it's
                 * not, we have to build it ourselves. So we have to