From: Howard Chu Date: Mon, 26 Apr 2004 01:10:49 +0000 (+0000) Subject: ITS#3109 - added slap_tls_ctx X-Git-Tag: OPENDLAP_REL_ENG_2_2_MP~430 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9b38cd2572c996d98e362dffbb4270328e9f52a8;p=openldap ITS#3109 - added slap_tls_ctx
---
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 034d30686e..228c2ee009 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1279,7 +1279,7 @@ int connection_read(ber_socket_t s)
 #ifdef HAVE_TLS
 if ( c->c_is_tls && c->c_needs_tls_accept ) {
- rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+ rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );
 if ( rc < 0 ) {
 #if 0 /* required by next #if 0 */
 struct timeval tv;
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 274399e1f5..0fdef6bc87 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -132,6 +132,8 @@ static int cnvt_str2int( char *, STRDISP_P, int );
 static int check = CHECK_NONE;
 static int version = 0;
+void *slap_tls_ctx;
+
 static void usage( char *name ) {
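Review bot: In connection_read(), `slap_tls_ctx` is handed to `ldap_pvt_tls_accept()` with no check that it was ever assigned. It is a zero-initialised file-scope pointer, so if startup left it unset the call is identical to the old `ldap_pvt_tls_accept( c->c_sb, NULL )`, which presumably accepts on libldap's default context, and the separation this commit introduces is lost without any log line. Consider refusing the handshake in that case, e.g. `if ( slap_tls_ctx == NULL ) rc = -1; else rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );`, so the existing `rc < 0` branch deals with it. The function starts and ends outside this hunk, so confirm that branch actually closes the connection.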
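Review bot: The new global `void *slap_tls_ctx;` in main.c carries no comment, and as an untyped pointer shared across translation units nothing at the definition says what it points to or who owns it. A one-line comment would cover it: `/* TLS context slapd uses to accept connections, kept apart from libldap's default ctx; assigned in main(), NULL until then */`. It is also worth stating whether anything releases it at shutdown, since no matching free is visible in this commit.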
@@ -622,18 +624,32 @@ int main( int argc, char **argv )
 goto destroy;
 }
- rc = ldap_pvt_tls_init_def_ctx();
- if( rc != 0) {
+ {
+ void *def_ctx = NULL;
+
+ /* Save existing default ctx, if any */
+ ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
+
+ /* Force new ctx to be created */
+ ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
+
+ rc = ldap_pvt_tls_init_def_ctx();
+ if( rc != 0) {
 #ifdef NEW_LOGGING
- LDAP_LOG( SLAPD, CRIT, "main: tls init def ctx failed: %d\n", rc, 0, 0 );
+ LDAP_LOG( SLAPD, CRIT, "main: tls init def ctx failed: %d\n", rc, 0, 0 );
 #else
- Debug( LDAP_DEBUG_ANY,
- "main: TLS init def ctx failed: %d\n",
- rc, 0, 0 );
+ Debug( LDAP_DEBUG_ANY,
+ "main: TLS init def ctx failed: %d\n",
+ rc, 0, 0 );
 #endif
- rc = 1;
- SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
- goto destroy;
+ rc = 1;
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+ goto destroy;
+ }
+ /* Retrieve slapd's own ctx */
+ ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
+ /* Restore previous ctx */
+ ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
 }
 #endif
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index b79a7d6003..4f34534816 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -582,6 +582,7 @@ LDAP_SLAPD_V( const struct berval ) slap_unknown_bv;
 LDAP_SLAPD_V( const struct berval ) slap_true_bv;
 LDAP_SLAPD_V( const struct berval ) slap_false_bv;
 LDAP_SLAPD_V( struct slap_sync_cookie_s ) slap_sync_cookie;
+LDAP_SLAPD_V( void * ) slap_tls_ctx;
 /* * index.c
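Review bot: None of the new `ldap_pvt_tls_get_option()` / `ldap_pvt_tls_set_option()` calls in the main.c block has its return value checked, so a failed context swap goes unnoticed. If the "Force new ctx" step does not take effect, `ldap_pvt_tls_init_def_ctx()` may simply keep the existing default and `slap_tls_ctx` would end up being the same object as `def_ctx`; if the retrieval fails, `slap_tls_ctx` stays NULL. Both cases deserve the same fatal handling as the init failure, for example `if ( ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx ) != 0 || slap_tls_ctx == NULL ) { rc = 1; goto destroy; }` after restoring `def_ctx`. Separately, the `goto destroy` inside the `rc != 0` branch leaves the default ctx set to NULL and never puts `def_ctx` back; restoring it before the jump keeps the teardown path consistent. main() continues outside this hunk, so what `destroy` does with the TLS state is not visible here.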