From: Mark Valence
Date: Mon, 6 Dec 1999 04:44:22 +0000 (+0000)
Subject: Changed ldap_pvt_tls_init_def_ctx() to not fail if there is no cacertfile/dir specifi...
X-Git-Tag: UCDATA_2_4~140
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=15c83bef9da518054baa1362a16308145c6fb9e5;p=openldap

Changed ldap_pvt_tls_init_def_ctx() to not fail if there is no cacertfile/dir specified. This lets LDAP_OPT_X_TLS_REQUIRE_CERT=0 work. If LDAP_OPT_X_TLS_REQUIRE_CERT=1, connection will fail as appropriate since there is no CA list.
---
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 3373d822fc..a00ad4525f 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -147,25 +147,28 @@ ldap_pvt_tls_init_def_ctx( void )
 tls_report_error();
 goto error_exit;
 }
- if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
- tls_opt_cacertfile,
- tls_opt_cacertdir ) ||
- !SSL_CTX_set_default_verify_paths( tls_def_ctx ) ) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: could not load verify locations (file:`%s',dir:`%s').\n",
- tls_opt_cacertfile,tls_opt_cacertdir,0);
- tls_report_error();
- goto error_exit;
- }
- calist = get_ca_list( tls_opt_cacertfile, tls_opt_cacertdir );
- if ( !calist ) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: could not load client CA list (file:`%s',dir:`%s').\n",
- tls_opt_cacertfile,tls_opt_cacertdir,0);
- tls_report_error();
- goto error_exit;
+ if (tls_opt_cacertfile != NULL || tls_opt_cacertdir != NULL) {
+ if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
+ tls_opt_cacertfile,
+ tls_opt_cacertdir )
+ || !SSL_CTX_set_default_verify_paths( tls_def_ctx ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not load verify locations (file:`%s',dir:`%s').\n",
+ tls_opt_cacertfile,tls_opt_cacertdir,0);
+ tls_report_error();
+ goto error_exit;
+ }
+ calist = get_ca_list( tls_opt_cacertfile, tls_opt_cacertdir );
+ if ( !calist ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not load client CA list (file:`%s',dir:`%s').\n",
+ tls_opt_cacertfile,tls_opt_cacertdir,0);
+ tls_report_error();
+ goto error_exit;
+ }
+ SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
 }
- SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
 if ( tls_opt_keyfile &&
 !SSL_CTX_use_PrivateKey_file( tls_def_ctx,
 tls_opt_keyfile,
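Review bot: When neither `tls_opt_cacertfile` nor `tls_opt_cacertdir` is set, the new outer `if` skips both `SSL_CTX_load_verify_locations()` and `SSL_CTX_set_default_verify_paths()` without logging anything, so the default context is built with no trust anchors and an operator gets no hint of it until a handshake fails or, with certificate checking turned off, never. I would add an `else` branch that records the state, e.g. `Debug( LDAP_DEBUG_ANY, "TLS: no CA certificate file or directory configured; peer certificates cannot be verified.\n", 0,0,0 );`, and a comment above the `if` saying the skip is intentional and that enforcement is left to the require-cert setting, which is handled outside this hunk. Separately, the branch is entered when only one of the two options is non-NULL, yet both are still passed to `%s` in the two `Debug()` calls; if `Debug` forwards to a printf-family function, a NULL `%s` argument is undefined behaviour, so a placeholder string for the unset option would be safer. The body of `ldap_pvt_tls_init_def_ctx()` starts and ends outside the hunk.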