TLS SSF does not imply a transport_ssf.

author Kurt Zeilenga <kurt@openldap.org>

Sat, 28 Aug 2004 21:58:20 +0000 (21:58 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Sat, 28 Aug 2004 21:58:20 +0000 (21:58 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Sat, 28 Aug 2004 21:58:20 +0000 (21:58 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Sat, 28 Aug 2004 21:58:20 +0000 (21:58 +0000)
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c

index e2de42ec6e894c5cc8435b29ab2622b0fc0d0349..5f9cd34869b2b5dd8d458e5bd3f56c1ca231b35d 100644 (file)
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -312,15 +312,17 @@ do_syncrep1(
         /* Set SSF to strongest of TLS, SASL SSFs */
         op->o_sasl_ssf = 0;
         op->o_tls_ssf = 0;
+       op->o_transport_ssf = 0;
  #ifdef HAVE_TLS
-       if ( ldap_get_option( si->si_ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl ) == LDAP_SUCCESS &&
-            ssl != NULL ) {
+       if ( ldap_get_option( si->si_ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl )
+               == LDAP_SUCCESS && ssl != NULL )
+       {
                 op->o_tls_ssf = ldap_pvt_tls_get_strength( ssl );
         }
  #endif /* HAVE_TLS */
         ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_sasl_ssf );
-       op->o_transport_ssf = op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf ) ?
-               op->o_sasl_ssf : op->o_tls_ssf;
+       op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf )
+               ?  op->o_sasl_ssf : op->o_tls_ssf;
  
         /* get syncrepl cookie of shadow replica from subentry */
         assert( si->si_rid < 1000 );
author	Kurt Zeilenga <kurt@openldap.org>
	Sat, 28 Aug 2004 21:58:20 +0000 (21:58 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Sat, 28 Aug 2004 21:58:20 +0000 (21:58 +0000)