A couple of options for TLS configuration. Still a conflict here,

the default context is initialized before the config file is read,
so the locations are not know at context initialization.

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 7f38737a9b7357369708df9c5a72892e159860fb..f95adad34f283521715b6713994a0e875f6efc3f 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -45,7 +45,7 @@ read_config( char *fname )
        char    *line, *savefname, *saveline;
        int     cargc, savelineno;
        char    *cargv[MAXARGS];
-       int     lineno, i;
+       int     lineno, i, rc;
 
        static BackendInfo *bi = NULL;
        static BackendDB        *be = NULL;
@@ -600,6 +600,22 @@ read_config( char *fname )
                   
 #endif /*SLAPD_MODULES*/
 
+#ifdef HAVE_TLS
+               } else if ( !strcasecmp( cargv[0], "SSLCertificateFile" ) ) {
+                       rc = ldap_pvt_tls_set_option( NULL,
+                                                     LDAP_OPT_X_TLS_CERTFILE,
+                                                     cargv[1] );
+                       if ( rc )
+                               return rc;
+
+               } else if ( !strcasecmp( cargv[0], "SSLCertificateKeyFile" ) ) {
+                       rc = ldap_pvt_tls_set_option( NULL,
+                                                     LDAP_OPT_X_TLS_KEYFILE,
+                                                     cargv[1] );
+                       if ( rc )
+                               return rc;
+#endif
+
                /* pass anything else to the current backend info/db config routine */
                } else {
                        if ( bi != NULL ) {