From: Kurt Zeilenga <kurt@openldap.org>
Date: Wed, 12 Oct 2005 20:31:04 +0000 (+0000)
Subject: Assume TLS is properly configured if any one of
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~284
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0ea43c9d7d2fbf08b2078931bebfcaf443230878;p=openldap

Assume TLS is properly configured if any one of
keyfile, certfile, cacertfile, or cacertdir is
provided.  Note that TLS can be properly configured
without any of these when non-X.509 cipher suites
are used, so this might have be rethought.
---

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 093d3360ef..6774fed54d 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -206,8 +206,11 @@ ldap_pvt_tls_init_def_ctx( void )
 #ifdef LDAP_R_COMPILE
 	ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
 #endif
-	if (( !cacertfile && !cacertdir ) || !certfile || !keyfile )
+
+	if ( !certfile && !keyfile && !cacertfile && !cacertdir ) {
+		/* minimum configuration not provided */
 		return LDAP_NOT_SUPPORTED;
+	}
 
 #ifdef HAVE_EBCDIC
 	/* This ASCII/EBCDIC handling is a real pain! */