ITS#5360 move tls option setup

diff --git a/servers/slapd/init.c b/servers/slapd/init.c
index d99453df33daac576062a3ace69d68b5caa72a31..73e42250679fc54d1fd3c91ff4d21baa1a16710f 100644 (file)
--- a/servers/slapd/init.c
+++ b/servers/slapd/init.c
@@ -179,16 +179,6 @@ slap_init( int mode, const char *name )
                return 1;
        }
 
-#ifdef HAVE_TLS
-       /* Library defaults to full certificate checking. This is correct when
-        * a client is verifying a server because all servers should have a
-        * valid cert. But few clients have valid certs, so we want our default
-        * to be no checking. The config file can override this as usual.
-        */
-       rc = 0;
-       (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
-#endif
-
        if ( frontend_init() ) {
                slap_debug |= LDAP_DEBUG_NONE;
                Debug( LDAP_DEBUG_ANY,

diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 2a4bb85c919adbb36513e9fac3a9370e09790592..70dae327d6acd11958a37885239f7a83e42a09c2 100644 (file)
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -736,6 +736,13 @@ unhandled_option:;
                SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
                goto destroy;
        }
+       /* Library defaults to full certificate checking. This is correct when
+        * a client is verifying a server because all servers should have a
+        * valid cert. But few clients have valid certs, so we want our default
+        * to be no checking. The config file can override this as usual.
+        */
+       rc = LDAP_OPT_X_TLS_NEVER;
+       (void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
 #endif
 
        rc = slap_init( serverMode, serverName );