From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 29 Apr 2009 03:25:43 +0000 (+0000)
Subject: ITS#6053
X-Git-Tag: OPENLDAP_REL_ENG_2_4_17~126
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8ea9c625ce0382a9ff53560042f8140bece9d7be;p=openldap

ITS#6053
---

diff --git a/CHANGES b/CHANGES
index e2adaf25b3..cb74f68f43 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.17 Engineering
+	Fixed libldap gnutls private key init (ITS#6053)
 	Fixed slapd errno handling (ITS#6037)
 	Fixed slapd global alloc handling (ITS#6054)
 	Fixed slapd moduleload with static backends and modules (ITS#6016)
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 738fb36fc3..e3c82bbc6f 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -354,6 +354,9 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		gnutls_x509_crt_t certs[VERIFY_DEPTH];
 		unsigned int max = VERIFY_DEPTH;
 
+		rc = gnutls_x509_privkey_init( &key );
+		if ( rc ) return -1;
+
 		/* OpenSSL builds the cert chain for us, but GnuTLS
 		 * expects it to be present in the certfile. If it's
 		 * not, we have to build it ourselves. So we have to