From: Hallvard Furuseth <hallvard@openldap.org>
Date: Sun, 20 May 2007 22:48:21 +0000 (+0000)
Subject: Fix --without-tls (ITS#4975).  Enable certificate matching.
X-Git-Tag: OPENLDAP_REL_ENG_2_4_MP~448
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=101b6b93638da32b7dc9fe3f42189ef5cddc1dc4;p=openldap

Fix --without-tls (ITS#4975).  Enable certificate matching.
---

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index ace10b7e3c..f0cda0de32 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -63,6 +63,8 @@
 #define HAS_TLS( sb )	ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
 				(void *)&sb_tls_sbio )
 
+#endif /* HAVE_TLS */
+
 /* RFC2459 minimum required set of supported attribute types
  * in a certificate DN
  */
@@ -92,6 +94,7 @@ static oid_name oids[] = {
 	{ BER_BVNULL, BER_BVNULL }
 };
 
+#ifdef HAVE_TLS
 #ifdef HAVE_GNUTLS
 
 typedef struct tls_cipher_suite {
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 509adb76e3..cf92a72fc1 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -1257,7 +1257,6 @@ int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
 	return -1;
 }
 
-#ifdef HAVE_TLS
 /*
  * Convert an X.509 DN into a normalized LDAP DN
  */
@@ -1274,6 +1273,7 @@ dnX509normalize( void *x509_name, struct berval *out )
 	return rc;
 }
 
+#ifdef HAVE_TLS
 /*
  * Get the TLS session's peer's DN into a normalized LDAP DN
  */
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 7bdfefe54e..965a1028c4 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -4536,12 +4536,8 @@ static slap_mrule_defs_rec mrule_defs[] = {
 	{"( 2.5.13.34 NAME 'certificateExactMatch' "
 		"SYNTAX 1.3.6.1.1.15.1 )",
 		SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes,
-#ifdef HAVE_TLS
 		NULL, certificateExactNormalize, octetStringMatch,
 		octetStringIndexer, octetStringFilter,
-#else
-		NULL, NULL, NULL, NULL, NULL,
-#endif
 		NULL },
 
 	{"( 2.5.13.35 NAME 'certificateMatch' "
diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
index 7ae0f22e8f..53bf7eb843 100755
--- a/tests/scripts/defines.sh
+++ b/tests/scripts/defines.sh
@@ -43,7 +43,6 @@ VALSORT=${AC_valsort-valsortno}
 # misc
 WITH_SASL=${AC_WITH_SASL-no}
 USE_SASL=${SLAPD_USE_SASL-no}
-WITHTLS=${AC_WITHTLS-yes}
 ACI=${AC_ACI_ENABLED-acino}
 THREADS=${AC_THREADS-threadsno}
 
diff --git a/tests/scripts/test021-certificate b/tests/scripts/test021-certificate
index 6a1f1a512e..8a898b99fb 100755
--- a/tests/scripts/test021-certificate
+++ b/tests/scripts/test021-certificate
@@ -304,12 +304,7 @@ fi
 
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
-if test "$WITHTLS" = no ; then 
-	echo "Certificate matching not suported without TLS"
-	LDIF=$CERTIFICATEOUT
-else
-	LDIF=$CERTIFICATETLS
-fi 
+LDIF=$CERTIFICATETLS
 
 echo "Filtering ldapsearch results..."
 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT