From d7a53551766603adf78012a0d95657fb495872e7 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Sun, 27 Feb 2005 17:20:04 +0000
Subject: [PATCH] enable tls-related code only if available; import fix for asynchronous starttls from back-ldap
---
 servers/slapd/back-meta/conn.c | 56 ++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 16 deletions(-)
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index ae769d76c0..3b31118c3f 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -220,20 +220,25 @@ init_one_conn(
 ldap_set_option( lsc->msc_ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
 }
+#ifdef HAVE_TLS
 /* start TLS ("start-tls"/"try-start-tls" statements) */
 if ( ( LDAP_BACK_USE_TLS( li ) || ( op->o_conn->c_is_tls && LDAP_BACK_PROPAGATE_TLS( li ) ) ) && !ldap_is_ldaps_url( lt->mt_uri ) ) {
-#if 0
- int rc, msgid;
- LDAPMessage *res;
- int retries = 1;
+#if 1
+ /*
+ * use asynchronous StartTLS
+ * in case, chase referral (not implemented yet)
+ */
+ int msgid;
-retry:;
- rc = ldap_start_tls( lsc->msc_ld, NULL, NULL, &msgid );
- if ( rc == LDAP_SUCCESS ) {
+ rs->sr_err = ldap_start_tls( lsc->msc_ld, NULL, NULL, &msgid );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ LDAPMessage *res = NULL;
+ int rc, retries = 1;
 struct timeval tv = { 0, 0 };
+retry:;
 rc = ldap_result( lsc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
 if ( rc < 0 ) {
 rs->sr_err = LDAP_OTHER;
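Review bot: `#if 1` is a literal switch that leaves the synchronous `ldap_start_tls_s()` path (under `#else` in the next hunk) as permanently dead code, so which StartTLS mode is compiled is invisible at the call site; a named build-time macro, or simply dropping the unused branch, would make the choice explicit. The new block comment `in case, chase referral (not implemented yet)` is hard to parse; `chase referrals, if any (not implemented yet)` says the same thing plainly. init_one_conn() starts before this hunk and the `rc == 0` retry path that uses `retries` continues after it.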
@@ -247,29 +252,47 @@ retry:;
 }
 rs->sr_err = LDAP_OTHER;
- } else {
- if ( rc == LDAP_RES_EXTENDED ) {
- rc = ldap_parse_result( lsc->msc_ld, res,
- &rs->sr_err, NULL, NULL, NULL, NULL, 1 );
- if ( rc != LDAP_SUCCESS ) {
- rs->sr_err = rc;
+ } else if ( rc == LDAP_RES_EXTENDED ) {
+ struct berval *data = NULL;
+ rs->sr_err = ldap_parse_extended_result( lsc->msc_ld, res,
+ NULL, &data, 0 );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ rs->sr_err = ldap_result2error( lsc->msc_ld, res, 1 );
+ res = NULL;
+
 /* FIXME: in case a referral
 * is returned, should we try
 * using it instead of the
 * configured URI? */
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ ldap_install_tls( lsc->msc_ld );
+ } else if ( rs->sr_err == LDAP_REFERRAL ) {
 rs->sr_err = LDAP_OTHER;
 rs->sr_text = "unwilling to chase referral returned by Start TLS exop";
 }
- } else {
- ldap_msgfree( res );
- rs->sr_err = LDAP_OTHER;
+ if ( data ) {
+ if ( data->bv_val ) {
+ ber_memfree( data->bv_val );
+ }
+ ber_memfree( data );
+ }
 }
+
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ }
+
+ if ( res != NULL ) {
+ ldap_msgfree( res );
 }
 }
 #else
+ /*
+ * use synchronous StartTLS
+ */
 rs->sr_err = ldap_start_tls_s( lsc->msc_ld, NULL, NULL );
 #endif
@@ -284,6 +307,7 @@ retry:;
 goto error_return;
 }
 }
+#endif /* HAVE_TLS */
 /*
 * Set the network timeout if set
-- 
2.39.5
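Review bot: `ldap_install_tls( lsc->msc_ld );` discards its return value, so when the StartTLS exop succeeds but the TLS handshake itself fails, rs->sr_err stays LDAP_SUCCESS and the connection is kept and used in cleartext as if TLS were established; the criticality check that follows (the `goto error_return` path, outside this hunk) can then never reject it, which defeats the "start-tls" setting. Assign the result so the handshake failure is reported like the other error cases: `rs->sr_err = ldap_install_tls( lsc->msc_ld );`. The rest of the cleanup looks consistent: ldap_result2error() with freeit=1 consumes `res`, so `res = NULL` before the final `ldap_msgfree( res )` guard is right, and `data` is released on the only path that can set it. The enclosing `if ( rs->sr_err == LDAP_SUCCESS )` block begins in the previous hunk.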