From de3e81cebbd6ed5c2baa562000384ec80e75c377 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 30 Apr 2002 13:50:56 +0000
Subject: [PATCH] Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn
 to store result in dn parameter and return a result code.

---
 include/ldap_pvt.h      |  4 ++--
 libraries/libldap/tls.c | 33 +++++++++++++++++----------------
 2 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h
index d1d73eba21..4edb4096f2 100644
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@@ -181,9 +181,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
 
 typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
 
-LDAP_F (char *) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx,
+LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
 	LDAPDN_rewrite_dummy *func, unsigned flags ));
-LDAP_F (char *) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx,
+LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
 	LDAPDN_rewrite_dummy *func, unsigned flags ));
 LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
 
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 9aa0775bc9..c9e161f6b1 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -788,21 +788,21 @@ ldap_pvt_tls_get_strength( void *s )
 }
 
 
-char *
-ldap_pvt_tls_get_my_dn( void *s, LDAPDN_rewrite_dummy *func, unsigned flags )
+int
+ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
 {
 	X509 *x;
 	X509_NAME *xn;
-	struct berval dn;
+	int rc;
 
 	x = SSL_get_certificate((SSL *)s);
 
-	if (!x) return NULL;
+	if (!x) return LDAP_INVALID_CREDENTIALS;
     
 	xn = X509_get_subject_name(x);
-	ldap_X509dn2bv(xn, &dn, (LDAPDN_rewrite_func *)func, flags );
+	rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags );
 	X509_free(x);
-	return dn.bv_val;
+	return rc;
 }
 
 static X509 *
@@ -819,21 +819,21 @@ tls_get_cert( SSL *s )
     return SSL_get_peer_certificate(s);
 }
 
-char *
-ldap_pvt_tls_get_peer_dn( void *s, LDAPDN_rewrite_dummy *func, unsigned flags )
+int
+ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
 {
 	X509 *x;
 	X509_NAME *xn;
-	struct berval dn;
+	int rc;
 
 	x = tls_get_cert((SSL *)s);
 
-	if (!x) return NULL;
+	if (!x) return LDAP_INVALID_CREDENTIALS;
     
 	xn = X509_get_subject_name(x);
-	ldap_X509dn2bv(xn, &dn, (LDAPDN_rewrite_func *)func, flags);
+	rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags);
 	X509_free(x);
-	return dn.bv_val;
+	return rc;
 }
 
 char *
@@ -1246,15 +1246,16 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 	 * set SASL properties to TLS ssf and authid
 	 */
 	{
-		char *authid;
+		struct berval authid;
 		ber_len_t ssf;
 
 		/* we need to let SASL know */
 		ssf = ldap_pvt_tls_get_strength( ssl );
-		authid = ldap_pvt_tls_get_my_dn( ssl, NULL, 0 );
+		/* failure is OK, we just can't use SASL EXTERNAL */
+		(void) ldap_pvt_tls_get_my_dn( ssl, &authid, NULL, 0 );
 
-		(void) ldap_int_sasl_external( ld, conn, authid, ssf );
-		LDAP_FREE( authid );
+		(void) ldap_int_sasl_external( ld, conn, authid.bv_val, ssf );
+		LDAP_FREE( authid.bv_val );
 	}
 
 	return LDAP_SUCCESS;
-- 
2.39.5