From: Howard Chu Date: Mon, 12 Jan 2015 22:25:15 +0000 (+0000) Subject: ITS#8022 don't skip TLS init for ldaps:// targets X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6046584531160662570af555e6182b775066cbf6;p=openldap ITS#8022 don't skip TLS init for ldaps:// targets --- diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c index d2e3c4399a..3a05d88af6 100644 --- a/servers/slapd/back-meta/conn.c +++ b/servers/slapd/back-meta/conn.c @@ -424,7 +424,7 @@ retry_lock:; slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive); #ifdef HAVE_TLS - if ( !is_ldaps ) { + { slap_bindconf *sb = NULL; if ( ispriv ) { @@ -439,13 +439,15 @@ retry_lock:; ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx ); } - if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) { - do_start_tls = 1; + if ( !is_ldaps ) { + if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) { + do_start_tls = 1; - } else if ( META_BACK_TGT_USE_TLS( mt ) - || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) ) - { - do_start_tls = 1; + } else if ( META_BACK_TGT_USE_TLS( mt ) + || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) ) + { + do_start_tls = 1; + } } }