From 70fe83b1d25fa0aa3140b443fcbf2e6e13cfd72f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Julio=20S=C3=A1nchez=20Fern=C3=A1ndez?=
 <jsanchez@openldap.org>
Date: Tue, 13 Jul 1999 19:32:51 +0000
Subject: [PATCH] First version with TLS.  Untested.

---
 libraries/libldap/open.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index e9a7353ab6..419b4277e0 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -252,6 +252,20 @@ open_ldap_connection( LDAP *ld, Sockbuf *sb, const char *host, int defport,
    
    	ber_pvt_sb_set_io( sb, &ber_pvt_sb_io_tcp, NULL );
 
+#ifdef HAVE_TLS
+   	if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ) {
+		/*
+		 * Fortunately, the lib uses blocking io...
+		 */
+		if ( ldap_pvt_tls_connect( sb, ld->ld_options.ldo_tls_ctx ) < 
+		     0 ) {
+			return -1;
+		}
+		/* FIXME: hostname of server must be compared with name in
+		 * certificate....
+		 */
+	}
+#endif
 	if ( krbinstancep != NULL ) {
 #ifdef HAVE_KERBEROS
 		char *c;
-- 
2.39.5