From 4f0c386c68f2e2a98250b1a217f71f2e6405b1e9 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sun, 9 Oct 2005 20:04:49 +0000
Subject: [PATCH] ITS#4072 prevent ldaps listeners when TLS is not configured

---
 servers/slapd/daemon.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index 098bce5242..f7e8a7f9b4 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -836,6 +836,13 @@ static int slap_open_listener(
 #else
 	l.sl_is_tls = ldap_pvt_url_scheme2tls( lud->lud_scheme );
 
+	if ( l.sl_is_tls && !slap_tls_ctx ) {
+		Debug( LDAP_DEBUG_ANY,
+			"daemon: TLS not configured (%s)\n",
+			url, 0, 0 );
+		ldap_free_urldesc( lud );
+		return -1;
+	}
 	if(! lud->lud_port ) {
 		lud->lud_port = l.sl_is_tls ? LDAPS_PORT : LDAP_PORT;
 	}
-- 
2.39.5