From: vsmith@interlinknetworks.com
To: openldap-bugs@openldap.org
Subject: (ITS#8957)
Date: Tue, 29 Jan 2019 06:05:36 +0000

I reviewed some of the initial discussion about this same issue, which led to the fix in version 2.4.26, "Fixed libldap ASYNC TLS setup (ITS#6828)", and looked at the code that Ian Puleston suggested should be fixed in ldap_int_open_connection. This routine does have the code to do what was needed for TLS to work, but it was not called, since it received an error code of -2, not 0. The -2 simply indicated that this was an asynchronous call. I changed the test to call the TLS setup if the return code was either 0 or -2. This fixes my issue. Here is my patch.

--- openldap-2.4.47/libraries/libldap/open.c=C2=A0=C2=A0=C2=A0 2018-12= -19 10:57:06.000000000 -0500
+++ openldap-2.4.47.mod/libraries/libldap/open.c=C2=A0=C2=A0=C2=A0 2019= -01-26 18:24:48.000000000 -0500
@@ -440,7 +440,7 @@
=C2=A0#endif
=C2=A0
=C2=A0#ifdef HAVE_TLS
-=C2=A0=C2=A0=C2=A0 if (rc =3D=3D 0 && ( ld->ld_options.ldo_= tls_mode =3D=3D LDAP_OPT_X_TLS_HARD ||
+=C2=A0=C2=A0=C2=A0 if ((rc =3D=3D 0 || rc =3D=3D -2) && ( ld->ld_options.ldo_tls_mode =3D=3D LDAP_OPT_X_TLS_HARD ||
=C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 strcmp( srv->lud_scheme,= "ldaps" ) =3D=3D 0 ))
=C2=A0=C2=A0=C2=A0=C2=A0 {
=C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 ++conn->lconn_refcnt;=C2= =A0=C2=A0=C2=A0 /* avoid premature free */
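Review bot: accepting rc == -2 alongside rc == 0 in this condition starts the TLS setup while the non-blocking connect is still in progress, because -2 is the "asynchronous connect pending" return described in the message, not a completed connection; the ++conn->lconn_refcnt path that follows then runs on a socket that may still be connecting, or whose connect may still end in a refusal. Either defer the TLS setup until the pending connect has completed (the socket polls writable and its pending error is zero), or add a comment explaining why the TLS setup tolerates a socket with a connect in flight and where the async path resumes the handshake afterwards. The bare -2 is also a magic number in this test; a named constant for the async-pending return would make the intent readable. Separately, the patch as mailed cannot be applied as-is: the indentation has been replaced by non-breaking spaces (the =C2=A0 sequences in the quoted-printable encoding) and the `if ((rc =3D=3D 0 || rc =3D=3D -2) && ( ld->ld_options.ldo_tls_mode =3D=3D LDAP_OPT_X_TLS_HARD ||` line is split by a soft line break, so the context lines will not match the source; please resend it as a plain-text attachment.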

Thanks,
Vern
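The patch above treats the -2 "connect still pending" return the same as a completed connect. The following is an added example, written for this page and not OpenLDAP code, that models the ordering in plain BSD sockets: a non-blocking connect that returns a pending status (the constant CONN_PENDING stands in for libldap's -2), a completion step that waits for writability and reads SO_ERROR, and a TLS start that runs only after the connect has really succeeded. It also covers the case the patch does not: a pending connect that ends in ECONNREFUSED, where TLS must never be started. The function names (async_connect, finish_connect, open_connection, fake_tls_start) are hypothetical, and the loopback listener is constructed inside the program so it runs offline.

```c
/* Added example, not OpenLDAP code: async connect, then TLS, in that order.
 * All function names here are hypothetical stand-ins for the libldap path. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define CONN_OK        0   /* connected: TLS may start now */
#define CONN_FAILED   -1   /* connect failed: no TLS */
#define CONN_PENDING  -2   /* non-blocking connect in progress (libldap's -2) */

/* Stand-in for the real TLS start; counts calls so a test can check that
 * it is never reached while the connect is pending or has failed. */
static int tls_start_calls = 0;
static int fake_tls_start(int fd) { (void)fd; tls_start_calls++; return 0; }
int tls_start_count(void) { return tls_start_calls; }

/* Non-blocking connect. Returns CONN_PENDING when connect() says EINPROGRESS. */
static int async_connect(int fd, const struct sockaddr_in *sa)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) return CONN_FAILED;
    if (connect(fd, (const struct sockaddr *)sa, sizeof *sa) == 0) return CONN_OK;
    return errno == EINPROGRESS ? CONN_PENDING : CONN_FAILED;
}

/* Wait up to timeout_ms for a pending connect and report its real outcome.
 * Writability alone is not enough: a refused connect also becomes writable,
 * so SO_ERROR is what decides whether TLS may start. */
static int finish_connect(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLOUT, .revents = 0 };
    int n = poll(&pfd, 1, timeout_ms);
    if (n == 0) return CONN_PENDING;           /* still in progress */
    if (n < 0) return CONN_FAILED;
    int err = 0;
    socklen_t len = sizeof err;
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) return CONN_FAILED;
    return err == 0 ? CONN_OK : CONN_FAILED;
}

/* The ordering the patch discussion is about: TLS starts only once the TCP
 * connect has completed, never while the return code is still CONN_PENDING. */
static int open_connection(const struct sockaddr_in *sa, int want_tls)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return CONN_FAILED;
    int rc = async_connect(fd, sa);
    if (rc == CONN_PENDING) rc = finish_connect(fd, 2000);
    if (rc == CONN_OK && want_tls && fake_tls_start(fd) != 0) rc = CONN_FAILED;
    close(fd);
    return rc;
}

/* Constructed test fixture: a loopback listener on an ephemeral port. */
static int loopback_listener(struct sockaddr_in *sa)
{
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa->sin_port = 0;                              /* kernel picks a free port */
    socklen_t len = sizeof *sa;
    if (bind(lfd, (struct sockaddr *)sa, len) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)sa, &len) < 0) { close(lfd); return -1; }
    return lfd;
}

/* Scenario 1: listener present, so the connect completes and TLS starts once. */
int demo_connect_then_tls(void)
{
    struct sockaddr_in sa;
    int lfd = loopback_listener(&sa);
    if (lfd < 0) return CONN_FAILED;
    tls_start_calls = 0;
    int rc = open_connection(&sa, 1);
    close(lfd);
    return rc;                                     /* CONN_OK, one TLS start */
}

/* Scenario 2: listener gone, so the connect is refused and TLS must not start. */
int demo_refused_no_tls(void)
{
    struct sockaddr_in sa;
    int lfd = loopback_listener(&sa);
    if (lfd < 0) return CONN_FAILED;
    close(lfd);                                    /* port now closed: RST expected */
    tls_start_calls = 0;
    return open_connection(&sa, 1);                /* CONN_FAILED, zero TLS starts */
}

int main(void)
{
    int a = demo_connect_then_tls();
    printf("listener up:   rc=%d tls_starts=%d\n", a, tls_start_count());
    int b = demo_refused_no_tls();
    printf("listener gone: rc=%d tls_starts=%d\n", b, tls_start_count());
    return 0;
}
```

On loopback the non-blocking connect may complete synchronously (rc 0) or report EINPROGRESS; both paths end in the same place, and in neither does the TLS start run before SO_ERROR has confirmed the connection. The second scenario is the case a plain `rc == -2` acceptance gets wrong: the connect looks "pending" for a moment and then fails, and any TLS handshake begun in that window is operating on a socket that will never connect.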
