From fb4cba514d468883e36725898ce7399e0bb975f8 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 19 Jan 2006 18:12:15 +0000
Subject: [PATCH] ITS#4354 only set DH callback if OPT_DHFILE has been set.

---
 libraries/libldap/tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 6739599db6..7bf45805c8 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -382,7 +382,9 @@ ldap_pvt_tls_init_def_ctx( int is_server )
 			tls_opt_require_cert == LDAP_OPT_X_TLS_ALLOW ?
 			tls_verify_ok : tls_verify_cb );
 		SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
-		SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb );
+		if ( tls_opt_dhfile ) {
+			SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb );
+		}
 #ifdef HAVE_OPENSSL_CRL
 		if ( tls_opt_crlcheck ) {
 			X509_STORE *x509_s = SSL_CTX_get_cert_store( tls_def_ctx );
-- 
2.39.5