From: Howard Chu
Date: Thu, 1 Aug 2002 03:23:29 +0000 (+0000)
Subject: ITS#1995 return error text when ldap_pvt_tls_check_hostname fails
X-Git-Tag: NO_SLAP_OP_BLOCKS~1298
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d9eac7209929ccbe81ec35f352fafd018210fb29;p=openldap

ITS#1995 return error text when ldap_pvt_tls_check_hostname fails
---

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index e8c8c266c4..d6d1465249 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -916,7 +916,7 @@ ldap_pvt_tls_get_peer_hostname( void *s )
 }
 int
-ldap_pvt_tls_check_hostname( void *s, const char *name_in )
+ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
 {
 int i, ret = LDAP_LOCAL_ERROR;
 X509 *x;
@@ -1019,6 +1019,7 @@ ldap_pvt_tls_check_hostname( void *s, const char *name_in )
 "TLS: unable to get common name from peer certificate.\n", 0, 0, 0 );
 #endif
+ ld->ld_error = LDAP_STRDUP("TLS: unable to get CN from peer certificate");
 } else if (strcasecmp(name, buf)) {
 #ifdef NEW_LOGGING
@@ -1031,6 +1032,7 @@ ldap_pvt_tls_check_hostname( void *s, const char *name_in )
 name, buf, 0 );
 #endif
 ret = LDAP_CONNECT_ERROR;
+ ld->ld_error = LDAP_STRDUP("TLS: hostname does not match CN in peer certificate");
 } else {
 ret = LDAP_SUCCESS;
@@ -1308,7 +1310,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 /*
 * compare host with name(s) in certificate
 */
- ld->ld_errno = ldap_pvt_tls_check_hostname( ssl, host );
+ ld->ld_errno = ldap_pvt_tls_check_hostname( ld, ssl, host );
 if (ld->ld_errno != LDAP_SUCCESS) {
 return ld->ld_errno;
 }
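Review bot: The new `ld` parameter introduced in the `@@ -916,7 +916,7 @@` hunk is dereferenced unconditionally by the later hunks (`ld->ld_error = ...`), but nothing on the function states that it must be non-NULL or that the function now writes to the handle. A header comment such as `/* ld must be non-NULL; on a failed check ld->ld_error is set to a newly allocated message */` would record that contract. The prototype in the header and any caller outside tls.c are not part of this diff and presumably need the same update, since a stale two-argument call would hand the TLS session to the `ld` slot. The function body continues outside the hunk.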
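Review bot: The added `ld->ld_error = LDAP_STRDUP(...)` in the `@@ -1019,6 +1019,7 @@` hunk overwrites the pointer without releasing the string it may already hold, so an earlier error text on the same handle would leak; the assignment added in the `@@ -1031,6 +1032,7 @@` hunk has the same problem. Releasing first keeps ownership clear, e.g. `if ( ld->ld_error ) LDAP_FREE( ld->ld_error );` ahead of each assignment. Only these two branches set the text; the other failure paths of the function lie outside the hunks, so it is worth confirming there that a caller cannot read a stale message alongside a fresh `ld_errno`.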
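Review bot: The branch in the `@@ -1031,6 +1032,7 @@` hunk that now reports `hostname does not match CN in peer certificate` is decided by `strcasecmp(name, buf)`, visible at the end of the previous hunk, and that call stops at the first NUL byte. If `buf` is filled from the certificate's subject CN, as the log text suggests, a CN containing an embedded NUL would be compared on its prefix only; the extraction code is outside the hunk, so this needs confirming there. Checking that the length reported by the CN extraction equals `strlen(buf)` before comparing, and treating any difference as a mismatch, would close that gap.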