From: Howard Chu
Date: Fri, 7 Apr 2006 01:49:19 +0000 (+0000)
Subject: Add TLS options to bindconf struct
X-Git-Tag: OPENLDAP_REL_ENG_2_4_0ALPHA~18
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=7a5d12cc519992f4e1aca0d0571d37735666a48a;p=openldap
Add TLS options to bindconf struct
---
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 2598291bc5..de523df142 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1034,6 +1034,17 @@ static slap_cf_aux_table bindkey[] = {
 { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
 { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
 { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
+#ifdef HAVE_TLS
+ { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
+ { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
+ { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
+ { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
+ { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL },
+ { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL },
+#ifdef HAVE_OPENSSL_CRL
+ { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL },
+#endif
+#endif
 { BER_BVNULL, 0, 0, 0, NULL }
 };
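Review bot: `tls_reqcert=` and `tls_crlcheck=` are added to `bindkey[]` as plain strings (`'s'`), so nothing in this hunk rejects an unknown or misspelled value when the configuration is parsed. These two settings decide whether the peer certificate and its revocation status are checked. A typo should therefore fail the parse rather than be carried along as an arbitrary string. The code that consumes the fields is not part of this commit, so confirm that it validates both values and does not fall back to an unverified connection when `sb_tls_reqcert` is NULL. I would at least add a comment above the new entries such as `/* TLS settings are stored verbatim here; tls_reqcert and tls_crlcheck must be validated by the code that applies them */`. The table initializer starts before the hunk.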
@@ -1243,6 +1254,38 @@ void bindconf_free( slap_bindconf *bc ) {
 ch_free( bc->sb_authzId.bv_val );
 BER_BVZERO( &bc->sb_authzId );
 }
+#ifdef HAVE_TLS
+ if ( bc->sb_tls_cert ) {
+ ch_free( bc->sb_tls_cert );
+ bc->sb_tls_cert = NULL;
+ }
+ if ( bc->sb_tls_key ) {
+ ch_free( bc->sb_tls_key );
+ bc->sb_tls_key = NULL;
+ }
+ if ( bc->sb_tls_cacert ) {
+ ch_free( bc->sb_tls_cacert );
+ bc->sb_tls_cacert = NULL;
+ }
+ if ( bc->sb_tls_cacertdir ) {
+ ch_free( bc->sb_tls_cacertdir );
+ bc->sb_tls_cacertdir = NULL;
+ }
+ if ( bc->sb_tls_reqcert ) {
+ ch_free( bc->sb_tls_reqcert );
+ bc->sb_tls_reqcert = NULL;
+ }
+ if ( bc->sb_tls_cipher_suite ) {
+ ch_free( bc->sb_tls_cipher_suite );
+ bc->sb_tls_cipher_suite = NULL;
+ }
+#ifdef HAVE_OPENSSL_CRL
+ if ( bc->sb_tls_crlcheck ) {
+ ch_free( bc->sb_tls_crlcheck );
+ bc->sb_tls_crlcheck = NULL;
+ }
+#endif
+#endif
 }
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index bf9eb8a263..cff8f0bfb4 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1520,6 +1520,17 @@ typedef struct slap_bindconf {
 struct berval sb_realm;
 struct berval sb_authcId;
 struct berval sb_authzId;
+#ifdef HAVE_TLS
+ char *sb_tls_cert;
+ char *sb_tls_key;
+ char *sb_tls_cacert;
+ char *sb_tls_cacertdir;
+ char *sb_tls_reqcert;
+ char *sb_tls_cipher_suite;
+#ifdef HAVE_OPENSSL_CRL
+ char *sb_tls_crlcheck;
+#endif
+#endif
 } slap_bindconf;
 struct slap_replica_info {
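Review bot: The seven free-and-clear stanzas added to `bindconf_free` in config.c are identical apart from the field name, so a field later added to the struct and the `bindkey[]` table can easily be missed here and leak. A local helper would keep the list to one line per field, for example `#define BC_FREE_STR(f) do { if ( bc->f ) { ch_free( bc->f ); bc->f = NULL; } } while (0)` followed by `BC_FREE_STR( sb_tls_cert );` and so on. A short comment noting that the `#ifdef HAVE_TLS` / `#ifdef HAVE_OPENSSL_CRL` guards must mirror those in slap.h would also help. The function body starts before the hunk.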
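Review bot: In slap.h the new members of `slap_bindconf` are declared under `#ifdef HAVE_TLS` and `#ifdef HAVE_OPENSSL_CRL`, so the size of the struct now depends on build flags. If any code that includes this header is compiled with different settings from the server, any structure that embeds a `slap_bindconf` by value would be laid out differently on each side, which would corrupt memory silently rather than fail to build. Whether such embedding or separately built modules exist is not visible in this diff. Declaring the pointers unconditionally, and keeping only the table entries and use sites behind the guards, avoids that at the cost of a few unused pointers. The fields are also undocumented; a comment such as `/* TLS settings for outbound connections; file paths and option keywords as given in the config */` would help, once confirmed against the consumer. The struct definition starts before the hunk.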