Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after
authorHoward Chu <hyc@openldap.org>
Sat, 5 Nov 2005 12:49:43 +0000 (12:49 +0000)
committerHoward Chu <hyc@openldap.org>
Sat, 5 Nov 2005 12:49:43 +0000 (12:49 +0000)
ldap_initializ'ing an LD and before connecting on it. Really all of the
global TLS options belong in the ldapoptions struct, instead of static vars.

libraries/libldap/ldap-int.h
libraries/libldap/tls.c

index ba6e98a6dc5b21f912e87076c73617b0dff8f09f..533ef352963855594e91085cbd39a14268eec37a 100644 (file)
@@ -169,6 +169,8 @@ struct ldapoptions {
        ber_int_t               ldo_sizelimit;
 
 #ifdef HAVE_TLS
+       /* tls context */
+       void            *ldo_tls_ctx;
        int                     ldo_tls_mode;
        LDAP_TLS_CONNECT_CB     *ldo_tls_connect_cb;
        void*                   ldo_tls_connect_arg;
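Review bot: The comment on the new `ldo_tls_ctx` field says only "tls context" and omits the two things a user of the option needs: who owns the pointer and what NULL means. The tls.c hunks in this commit show that NULL makes ldap_int_tls_connect fall back to `tls_def_ctx`, and that the set-option path stores the caller's pointer as given. I would write `/* TLS context (SSL_CTX * in tls.c); NULL selects tls_def_ctx at connect time; stored as passed in, caller keeps ownership */`. The ownership wording is inferred from the plain assignment and should be confirmed against wherever the context is freed. struct ldapoptions starts and ends outside the hunk.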
@@ -210,10 +212,6 @@ struct ldapoptions {
  */
 typedef struct ldap_conn {
        Sockbuf         *lconn_sb;
-#ifdef HAVE_TLS
-       /* tls context */
-       void            *lconn_tls_ctx;
-#endif
 #ifdef HAVE_CYRUS_SASL
        void            *lconn_sasl_authctx;    /* context for bind */
        void            *lconn_sasl_sockctx;    /* for security layer */
index c03c8446a8d69be9c5e502030a177847a885f27d..8cff2aa20750124957def387736a41ca2146a654 100644 (file)
@@ -764,8 +764,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 
        } else {
                struct ldapoptions *lo;
-               void *ctx = ld->ld_defconn
-                       ? ld->ld_defconn->lconn_tls_ctx : NULL;
+               void *ctx;
+
+               lo = &ld->ld_options;
+               ctx = lo->ldo_tls_ctx;
 
                ssl = alloc_handle( ctx );
 
@@ -780,9 +782,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 
                if( ctx == NULL ) {
                        ctx = tls_def_ctx;
-                       conn->lconn_tls_ctx = tls_def_ctx;
+                       lo->ldo_tls_ctx = ctx;
                }
-               lo = &ld->ld_options;
                if ( lo->ldo_tls_connect_cb )
                        lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
                lo = LDAP_INT_GLOBAL_OPT();   
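Review bot: `lo->ldo_tls_ctx = ctx;` writes the process-wide `tls_def_ctx` into the handle's options, where it outlives the connection that the removed `conn->lconn_tls_ctx` assignment was tied to. No reference is taken in the visible lines, so if the default context is later replaced (the `ld == NULL` branch of ldap_pvt_tls_set_option assigns a new `tls_def_ctx`) and the old one is freed, this handle would reuse a stale pointer on its next connect, and at best it stays pinned to the old certificate and verification settings. The same unreferenced store appears in the ldap_pvt_tls_set_option hunk (`lo->ldo_tls_ctx = arg;`). Unless something outside the hunk relies on the write-back, I would drop that line and keep only `ctx = tls_def_ctx;`, which also lets the get-option case in ldap_pvt_tls_get_option distinguish "never set" from "set by the application". ldap_int_tls_connect continues outside the hunk.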
@@ -1245,7 +1246,7 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
                if ( ld == NULL ) {
                        *(void **)arg = (void *) tls_def_ctx;
                } else {
-                       *(void **)arg = ld->ld_defconn->lconn_tls_ctx;
+                       *(void **)arg = lo->ldo_tls_ctx;
                }
                break;
        case LDAP_OPT_X_TLS_CACERTFILE:
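Review bot: Both option hunks now go through `lo`, which is assigned outside the hunk, so the per-handle branch is only correct if `lo` is `&ld->ld_options` whenever `ld != NULL`. If it pointed at the global options there, the store `lo->ldo_tls_ctx = arg;` in the ldap_pvt_tls_set_option hunk would land in the global options instead of this handle's, and the getter here would return a context the handle does not use. A one-line comment at the branch, e.g. `/* lo is &ld->ld_options here (ld != NULL) */`, would make that dependency visible. ldap_pvt_tls_get_option starts and ends outside the hunk.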
@@ -1347,7 +1348,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
                        tls_def_ctx = (SSL_CTX *) arg;
 
                } else {
-                       ld->ld_defconn->lconn_tls_ctx = arg;
+                       lo->ldo_tls_ctx = arg;
                }
                return 0;
        case LDAP_OPT_X_TLS_CONNECT_CB: