From 83fb51555504242c2d0aef19be844ab76060619e Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Sun, 9 Apr 2017 14:49:48 +0100
Subject: [PATCH] Fixup cacert/cert/key options

Add get_option support, allow delete by setting a NULL arg.
---
 libraries/libldap/tls2.c | 72 ++++++++++++++++++++++++++++++----------
 1 file changed, 54 insertions(+), 18 deletions(-)

diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 732826b2e0..09ad9a14ba 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -734,6 +734,33 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
 }
 break;
 }
+ case LDAP_OPT_X_TLS_CACERT: {
+ struct berval *bv = arg;
+ if ( lo->ldo_tls_cacert.bv_val ) {
+ ber_dupbv( bv, &lo->ldo_tls_cacert );
+ } else {
+ BER_BVZERO( bv );
+ }
+ break;
+ }
+ case LDAP_OPT_X_TLS_CERT: {
+ struct berval *bv = arg;
+ if ( lo->ldo_tls_cert.bv_val ) {
+ ber_dupbv( bv, &lo->ldo_tls_cert );
+ } else {
+ BER_BVZERO( bv );
+ }
+ break;
+ }
+ case LDAP_OPT_X_TLS_KEY: {
+ struct berval *bv = arg;
+ if ( lo->ldo_tls_key.bv_val ) {
+ ber_dupbv( bv, &lo->ldo_tls_key );
+ } else {
+ BER_BVZERO( bv );
+ }
+ break;
+ }
 default:
 return -1;
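Review bot: The result of `ber_dupbv` is discarded in all three new cases (`LDAP_OPT_X_TLS_CACERT`, `LDAP_OPT_X_TLS_CERT`, `LDAP_OPT_X_TLS_KEY`), so an allocation failure presumably leaves the caller's berval unwritten while the switch still reaches the success path. Checking it, e.g. `if ( ber_dupbv( bv, &lo->ldo_tls_key ) == NULL ) return -1;`, keeps a caller from reading or freeing an uninitialised `bv_val`. `bv = arg` is also dereferenced without a NULL test; the function body starts and ends outside this hunk, so an earlier guard may exist. The KEY case hands out a heap copy of private-key bytes, which deserves a comment such as `/* caller owns bv->bv_val: clear it, then release with ber_memfree() */`.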
@@ -867,34 +894,43 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 lo->ldo_tls_ctx = NULL;
 return ldap_int_tls_init_ctx( lo, *(int *)arg );
 case LDAP_OPT_X_TLS_CACERT:
- if ( !arg ) return -1;
 if ( lo->ldo_tls_cacert.bv_val )
 LDAP_FREE( lo->ldo_tls_cacert.bv_val );
- lo->ldo_tls_cacert.bv_len = ((struct berval *)arg)->bv_len;
- lo->ldo_tls_cacert.bv_val = LDAP_MALLOC( lo->ldo_tls_cacert.bv_len );
- if ( !lo->ldo_tls_cacert.bv_val )
- return -1;
- AC_MEMCPY( lo->ldo_tls_cacert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cacert.bv_len );
+ if ( arg ) {
+ lo->ldo_tls_cacert.bv_len = ((struct berval *)arg)->bv_len;
+ lo->ldo_tls_cacert.bv_val = LDAP_MALLOC( lo->ldo_tls_cacert.bv_len );
+ if ( !lo->ldo_tls_cacert.bv_val )
+ return -1;
+ AC_MEMCPY( lo->ldo_tls_cacert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cacert.bv_len );
+ } else {
+ BER_BVZERO( &lo->ldo_tls_cacert );
+ }
 break;
 case LDAP_OPT_X_TLS_CERT:
- if ( !arg ) return -1;
 if ( lo->ldo_tls_cert.bv_val )
 LDAP_FREE( lo->ldo_tls_cert.bv_val );
- lo->ldo_tls_cert.bv_len = ((struct berval *)arg)->bv_len;
- lo->ldo_tls_cert.bv_val = LDAP_MALLOC( lo->ldo_tls_cert.bv_len );
- if ( !lo->ldo_tls_cert.bv_val )
- return -1;
- AC_MEMCPY( lo->ldo_tls_cert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cert.bv_len );
+ if ( arg ) {
+ lo->ldo_tls_cert.bv_len = ((struct berval *)arg)->bv_len;
+ lo->ldo_tls_cert.bv_val = LDAP_MALLOC( lo->ldo_tls_cert.bv_len );
+ if ( !lo->ldo_tls_cert.bv_val )
+ return -1;
+ AC_MEMCPY( lo->ldo_tls_cert.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_cert.bv_len );
+ } else {
+ BER_BVZERO( &lo->ldo_tls_cert );
+ }
 break;
 case LDAP_OPT_X_TLS_KEY:
- if ( !arg ) return -1;
 if ( lo->ldo_tls_key.bv_val )
 LDAP_FREE( lo->ldo_tls_key.bv_val );
- lo->ldo_tls_key.bv_len = ((struct berval *)arg)->bv_len;
- lo->ldo_tls_key.bv_val = LDAP_MALLOC( lo->ldo_tls_key.bv_len );
- if ( !lo->ldo_tls_key.bv_val )
- return -1;
- AC_MEMCPY( lo->ldo_tls_key.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_key.bv_len );
+ if ( arg ) {
+ lo->ldo_tls_key.bv_len = ((struct berval *)arg)->bv_len;
+ lo->ldo_tls_key.bv_val = LDAP_MALLOC( lo->ldo_tls_key.bv_len );
+ if ( !lo->ldo_tls_key.bv_val )
+ return -1;
+ AC_MEMCPY( lo->ldo_tls_key.bv_val, ((struct berval *)arg)->bv_val, lo->ldo_tls_key.bv_len );
+ } else {
+ BER_BVZERO( &lo->ldo_tls_key );
+ }
 break;
 default:
 return -1;
-- 
2.39.5
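Review bot: In each of the three cases the old buffer is released before the replacement is allocated, so a failed `LDAP_MALLOC` returns -1 with the previous value already gone and `bv_len` set to the new length beside a NULL `bv_val`. Allocating and copying into a temporary first, then freeing and swapping, keeps the stored berval consistent on every path and also tolerates an `arg` whose `bv_val` aliases the stored buffer. The source `bv_val` is handed to `AC_MEMCPY` without a NULL test. For `LDAP_OPT_X_TLS_KEY`, both the replace path and the new delete path free private-key bytes without clearing them; wiping `bv_len` bytes with a call the compiler cannot elide before `LDAP_FREE` would limit how long the key lingers in freed heap memory. The fence shows the reordered CACERT case only; the enclosing function starts before the hunk.

```c
case LDAP_OPT_X_TLS_CACERT:
	if ( arg ) {
		struct berval *src = arg;
		char *copy;

		/* validate and copy first so a failure leaves the old value intact */
		if ( !src->bv_val ) return -1;
		copy = LDAP_MALLOC( src->bv_len );
		if ( !copy ) return -1;
		AC_MEMCPY( copy, src->bv_val, src->bv_len );
		if ( lo->ldo_tls_cacert.bv_val )
			LDAP_FREE( lo->ldo_tls_cacert.bv_val );
		lo->ldo_tls_cacert.bv_val = copy;
		lo->ldo_tls_cacert.bv_len = src->bv_len;
	} else {
		if ( lo->ldo_tls_cacert.bv_val )
			LDAP_FREE( lo->ldo_tls_cacert.bv_val );
		BER_BVZERO( &lo->ldo_tls_cacert );
	}
	break;
/* … same reordering for LDAP_OPT_X_TLS_CERT and LDAP_OPT_X_TLS_KEY (the latter clearing the old key bytes before LDAP_FREE) … */
```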