From quanah@symas.com Tue Jan 29 15:15:06 2019
From: quanah@symas.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#8957)
Date: Tue, 29 Jan 2019 15:15:05 +0000

Hi,

Please read: and re-submit the patch accordingly.

Please do not use HTML email.

Thanks!

--On Tuesday, January 29, 2019 6:05 AM +0000 vsmith(a)interlinknetworks.com wrote:

> I reviewed some of the initial discussion about this same issue which
> led to this fix in version 2.4.26, "Fixed libldap ASYNC TLS setup
> (ITS#6828)", and looked at the code that Ian Puleston suggested should
> be fixed in ldap_int_open_connection. This routine does have the code
> to do what was needed for TLS to work but was not called since it
> received an error code of -2 not 0. The -2 simply indicated that this
> was an asynchronous call. I changed the test to call the TLS setup if
> the return code was either 0 or -2. This fixes my issue. Here is my
> patch.

>

--- openldap-2.4.47/libraries/libldap/open.c?????? 2018-12-19 > 10:57:06.000000000 -0500
> +++ openldap-2.4.47.mod/libraries/libldap/open.c?????? 2019-01-26 > 18:24:48.000000000 -0500
> @@ -440,7 +440,7 @@
> ??#endif
> ??
> ??#ifdef HAVE_TLS
> -?????? if (rc == 0 && ( ld->ld_options.ldo_tls_mode == > LDAP_OPT_X_TLS_HARD ||
> +?????? if ((rc == 0 || rc == -2) && ( > ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
> ???????? ?????? strcmp( srv->lud_scheme, "ldaps" ) == 0 ))
> ???????? {
> ???????? ?????? ++conn->lconn_refcnt;?????? /* avoid premature > free */
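
Review bot: The bare -2 in the new test "(rc == 0 || rc == -2)" is a magic number; the message above says it marks an asynchronous call, so a named constant or a short comment at this line would make the intent clear to the next reader. Because rc == -2 now enters the TLS block, it is also worth confirming that the TLS setup inside this block copes with a connection that may not have completed yet, and that a TLS failure on this path still fails the connection when ldo_tls_mode is LDAP_OPT_X_TLS_HARD or the scheme is "ldaps". The hunk shows only the condition and the refcount increment, so neither can be checked from these lines.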

>

> Thanks,
> Vern

>

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: