From: Howard Chu Date: Sun, 9 Apr 2017 13:49:48 +0000 (+0100) Subject: Fixup cacert/cert/key options X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=83fb51555504242c2d0aef19be844ab76060619e;p=openldap Fixup cacert/cert/key options Add get_option support, allow delete by setting a NULL arg. --- diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c index 732826b2e0..09ad9a14ba 100644 --- a/libraries/libldap/tls2.c +++ b/libraries/libldap/tls2.c @@ -734,6 +734,33 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg ) } break; } + case LDAP_OPT_X_TLS_CACERT: { + struct berval *bv = arg; + if ( lo->ldo_tls_cacert.bv_val ) { + ber_dupbv( bv, &lo->ldo_tls_cacert ); + } else { + BER_BVZERO( bv ); + } + break; + } + case LDAP_OPT_X_TLS_CERT: { + struct berval *bv = arg; + if ( lo->ldo_tls_cert.bv_val ) { + ber_dupbv( bv, &lo->ldo_tls_cert ); + } else { + BER_BVZERO( bv ); + } + break; + } + case LDAP_OPT_X_TLS_KEY: { + struct berval *bv = arg; + if ( lo->ldo_tls_key.bv_val ) { + ber_dupbv( bv, &lo->ldo_tls_key ); + } else { + BER_BVZERO( bv ); + } + break; + } default: return -1; @@ -867,34 +894,43 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg ) lo->ldo_tls_ctx = NULL; return ldap_int_tls_init_ctx( lo, *(int *)arg ); case LDAP_OPT_X_TLS_CACERT: - if ( !arg ) return -1; if ( lo->ldo_tls_cacert.bv_val ) LDAP_FREE( lo->ldo_tls_cacert.bv_val ); - lo->ldo_tls_cacert.bv_len = ((struct berval *)arg)->bv_len; - lo->ldo_tls_cacert.bv_val = LDAP_MALLOC( lo->ldo_tls_cacert.bv_len ); - if ( !lo->ldo_tls_cacert.bv_val ) - return -1; - AC_MEMCPY( lo->ldo_tls_cacert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cacert.bv_len ); + if ( arg ) { + lo->ldo_tls_cacert.bv_len = ((struct berval *)arg)->bv_len; + lo->ldo_tls_cacert.bv_val = LDAP_MALLOC( lo->ldo_tls_cacert.bv_len ); + if ( !lo->ldo_tls_cacert.bv_val ) + return -1; + AC_MEMCPY( lo->ldo_tls_cacert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cacert.bv_len ); + } else { + BER_BVZERO( &lo->ldo_tls_cacert ); + } break; case LDAP_OPT_X_TLS_CERT: - if ( !arg ) return -1; if ( lo->ldo_tls_cert.bv_val ) LDAP_FREE( lo->ldo_tls_cert.bv_val ); - lo->ldo_tls_cert.bv_len = ((struct berval *)arg)->bv_len; - lo->ldo_tls_cert.bv_val = LDAP_MALLOC( lo->ldo_tls_cert.bv_len ); - if ( !lo->ldo_tls_cert.bv_val ) - return -1; - AC_MEMCPY( lo->ldo_tls_cert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cert.bv_len ); + if ( arg ) { + lo->ldo_tls_cert.bv_len = ((struct berval *)arg)->bv_len; + lo->ldo_tls_cert.bv_val = LDAP_MALLOC( lo->ldo_tls_cert.bv_len ); + if ( !lo->ldo_tls_cert.bv_val ) + return -1; + AC_MEMCPY( lo->ldo_tls_cert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cert.bv_len ); + } else { + BER_BVZERO( &lo->ldo_tls_cert ); + } break; case LDAP_OPT_X_TLS_KEY: - if ( !arg ) return -1; if ( lo->ldo_tls_key.bv_val ) LDAP_FREE( lo->ldo_tls_key.bv_val ); - lo->ldo_tls_key.bv_len = ((struct berval *)arg)->bv_len; - lo->ldo_tls_key.bv_val = LDAP_MALLOC( lo->ldo_tls_key.bv_len ); - if ( !lo->ldo_tls_key.bv_val ) - return -1; - AC_MEMCPY( lo->ldo_tls_key.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_key.bv_len ); + if ( arg ) { + lo->ldo_tls_key.bv_len = ((struct berval *)arg)->bv_len; + lo->ldo_tls_key.bv_val = LDAP_MALLOC( lo->ldo_tls_key.bv_len ); + if ( !lo->ldo_tls_key.bv_val ) + return -1; + AC_MEMCPY( lo->ldo_tls_key.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_key.bv_len ); + } else { + BER_BVZERO( &lo->ldo_tls_key ); + } break; default: return -1;