From: Kurt Zeilenga
Date: Thu, 29 Apr 2004 01:07:36 +0000 (+0000)
Subject: Add slapd TLS ctx
X-Git-Tag: OPENLDAP_REL_ENG_2_2_12~23
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8ef4d410dd00259338f0bc82d44b169fd304f067;p=openldap
Add slapd TLS ctx
---
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index ffcb0312c5..e59a95c371 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1279,7 +1279,7 @@ int connection_read(ber_socket_t s)
 #ifdef HAVE_TLS
 if ( c->c_is_tls && c->c_needs_tls_accept ) {
- rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+ rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );
 if ( rc < 0 ) {
 #if 0 /* required by next #if 0 */
 struct timeval tv;
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 528867ba00..417104ecd3 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -123,6 +123,8 @@ static int cnvt_str2int( char *, STRDISP_P, int );
 static int check = CHECK_NONE;
 static int version = 0;
+void *slap_tls_ctx;
+
 static void usage( char *name ) {
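Review bot: In connection.c, `slap_tls_ctx` is handed to `ldap_pvt_tls_accept()` with nothing saying where it is set or what a NULL value means at this call. The removed line passed NULL, so a NULL `slap_tls_ctx` would presumably make the accept fall back to the library default context, which is the sharing this commit appears intended to end. I would add `/* slapd's own server ctx, created once in main(); must be non-NULL here */` above the call and back it with a startup check where the value is retrieved. connection_read() starts and ends outside the hunk.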
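Review bot: The new global `void *slap_tls_ctx;` in main.c, and its `LDAP_SLAPD_V( void * ) slap_tls_ctx;` declaration in the proto-slap.h hunk, is untyped and undocumented, so a reader cannot tell who creates it, whether it may be NULL, or who releases it. A comment on the definition such as `/* TLS ctx used for incoming connections; set once during startup in main(), NULL before that */` would cover the first two. The visible hunks show no release of the context; if the shutdown path outside them does not free it, that belongs in the comment as well.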
@@ -594,18 +596,32 @@ int main( int argc, char **argv )
 goto destroy;
 }
- rc = ldap_pvt_tls_init_def_ctx();
- if( rc != 0) {
+ {
+ void *def_ctx = NULL;
+
+ /* Save existing default ctx, if any */
+ ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
+
+ /* Force new ctx to be created */
+ ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
+
+ rc = ldap_pvt_tls_init_def_ctx();
+ if( rc != 0) {
 #ifdef NEW_LOGGING
- LDAP_LOG( SLAPD, CRIT, "main: tls init def ctx failed: %d\n", rc, 0, 0 );
+ LDAP_LOG( SLAPD, CRIT, "main: tls init def ctx failed: %d\n", rc, 0, 0 );
 #else
- Debug( LDAP_DEBUG_ANY,
- "main: TLS init def ctx failed: %d\n",
- rc, 0, 0 );
+ Debug( LDAP_DEBUG_ANY,
+ "main: TLS init def ctx failed: %d\n",
+ rc, 0, 0 );
 #endif
- rc = 1;
- SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
- goto destroy;
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+ goto destroy;
+ }
+ /* Retrieve slapd's own ctx */
+ ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
+ /* Restore previous ctx */
+ ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
 }
 #endif
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 843c469a5a..01be7ba8f5 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -580,6 +580,7 @@ LDAP_SLAPD_V( const struct berval ) slap_unknown_bv;
 LDAP_SLAPD_V( const struct berval ) slap_true_bv;
 LDAP_SLAPD_V( const struct berval ) slap_false_bv;
 LDAP_SLAPD_V( struct slap_sync_cookie_s ) slap_sync_cookie;
+LDAP_SLAPD_V( void * ) slap_tls_ctx;
 /* * index.c
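Review bot: The four `ldap_pvt_tls_get_option()` / `ldap_pvt_tls_set_option()` calls in the new main.c block ignore their return values, and `slap_tls_ctx` is never checked after `/* Retrieve slapd's own ctx */`. If that retrieval fails, slapd keeps running with a NULL `slap_tls_ctx`, and the accept in connection.c would then presumably use whatever the default context happens to be. I would make the retrieval fatal like the init failure above it: `if ( ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx ) != 0 || slap_tls_ctx == NULL )`, followed by the same log, `SERVICE_EXIT` and `goto destroy`. The `goto destroy` on init failure also leaves the default ctx set to NULL without restoring `def_ctx`, which is worth a comment even if the process exits right after. main() starts and ends outside the hunk.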