Move ldap_pvt_tls_init call to ldap_pvt_tls_start

Relax user-only options on TLS_RANDFILE and TLS_REQCERT

diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
index 1941a8b980ecb4c8f9b1a1106ea6a74a6afea222..cf49633cb9045f32e0cd673352fb92b4d7a5c140 100644 (file)
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@@ -86,8 +86,8 @@ static const struct ol_attribute {
        {1, ATTR_TLS,           "TLS_KEY",              NULL,   LDAP_OPT_X_TLS_KEYFILE},
        {0, ATTR_TLS,           "TLS_CACERT",   NULL,   LDAP_OPT_X_TLS_CACERTFILE},
        {0, ATTR_TLS,           "TLS_CACERTDIR",NULL,   LDAP_OPT_X_TLS_CACERTDIR},
-       {1, ATTR_TLS,           "TLS_REQCERT",  NULL,   LDAP_OPT_X_TLS_REQUIRE_CERT},
-       {1, ATTR_TLS,           "TLS_RANDFILE", NULL,   LDAP_OPT_X_TLS_RANDOM_FILE},
+       {0, ATTR_TLS,           "TLS_REQCERT",  NULL,   LDAP_OPT_X_TLS_REQUIRE_CERT},
+       {0, ATTR_TLS,           "TLS_RANDFILE", NULL,   LDAP_OPT_X_TLS_RANDOM_FILE},
 #endif
 
        {0, ATTR_NONE,          NULL,           NULL,   0}
@@ -443,12 +443,6 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
 
        ldap_int_utils_init();
 
-#ifdef HAVE_TLS
-       ldap_pvt_tls_init();
-#endif
-
-       ldap_int_sasl_init();
-
        if ( ldap_int_tblsize == 0 )
                ldap_int_ip_init();
 
@@ -503,4 +497,6 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
        }
 
        openldap_ldap_init_w_env(gopts, NULL);
+
+       ldap_int_sasl_init();
 }

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index f16e4b1bb3731bd92d3b9448d3d3b7e4d33520e8..e5290018a924c47013c99911c79d8e89cf8b88dd 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -861,6 +861,8 @@ ldap_pvt_tls_set_option( struct ldapoptions *lo, int option, void *arg )
 int
 ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
 {
+       ldap_pvt_tls_init();
+
        /*
         * Fortunately, the lib uses blocking io...
         */