From 71aac348cfb0ba1a70bfc08ea5553f1d8ce971c3 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount
Date: Tue, 12 Feb 2008 01:46:45 +0000
Subject: [PATCH] ITS#5360
---
 CHANGES | 1 +
 servers/slapd/init.c | 10 ----------
 servers/slapd/main.c | 7 +++++++
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/CHANGES b/CHANGES
index 88d1080755..9288a59c69 100644
--- a/CHANGES
+++ b/CHANGES
@@ -27,6 +27,7 @@ OpenLDAP 2.4.8 Engineering
 Fixed slapd cn=config global acls (ITS#5352)
 Fixed slapd truncated cookie (ITS#5362)
 Fixed slapd str2entry with no attrs (ITS#5308)
+ Fixed slapd TLSVerifyClient default (ITS#5360)
 Fixed slapd-bdb crash with modrdn (ITS#5358)
 Fixed slapd-bdb segv with bdb4.6 (ITS#5322)
 Fixed slapd-bdb modrdn to same dn (ITS#5319)
diff --git a/servers/slapd/init.c b/servers/slapd/init.c
index d99453df33..73e4225067 100644
--- a/servers/slapd/init.c
+++ b/servers/slapd/init.c
@@ -179,16 +179,6 @@ slap_init( int mode, const char *name )
 return 1;
 }
-#ifdef HAVE_TLS
- /* Library defaults to full certificate checking. This is correct when
- * a client is verifying a server because all servers should have a
- * valid cert. But few clients have valid certs, so we want our default
- * to be no checking. The config file can override this as usual.
- */
- rc = 0;
- (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
-#endif
-
 if ( frontend_init() ) {
 slap_debug |= LDAP_DEBUG_NONE;
 Debug( LDAP_DEBUG_ANY,
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 2a4bb85c91..70dae327d6 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -736,6 +736,13 @@ unhandled_option:;
 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
 goto destroy;
 }
+ /* Library defaults to full certificate checking. This is correct when
+ * a client is verifying a server because all servers should have a
+ * valid cert. But few clients have valid certs, so we want our default
+ * to be no checking. The config file can override this as usual.
+ */
+ rc = LDAP_OPT_X_TLS_NEVER;
+ (void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
 #endif
 rc = slap_init( serverMode, serverName );
--
2.39.5
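Review bot: The result of `ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc )` is discarded with `(void)`, so if the call fails slapd would presumably keep what the comment describes as the library default of full certificate checking, and clients without certificates would be refused with nothing in the log to explain why. Consider testing the return value and logging the failure, e.g. `if ( ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc ) ) Debug( LDAP_DEBUG_ANY, "main: unable to set default TLS client verification\n", 0, 0, 0 );`. The comment could also name the directive that overrides this default (`TLSVerifyClient`, per the CHANGES entry) and state that with `LDAP_OPT_X_TLS_NEVER` no client certificate is requested, so deployments relying on certificate-based client authentication must set that directive explicitly. The enclosing function begins and ends outside the hunk.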