<html> <head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body text="#000000" bgcolor="#FFFFFF"> <p><font face="Calibri">I reviewed some of the initial discussion about this same issue which lead to this fix in version 2.4.26, "</font>Fixed libldap ASYNC TLS setup (ITS#6828)", and looked at the code that Ian Puleston suggested should be fixed in ldap_int_open_connection. This routine does have the code to do what was need for TSL to work but was not called since it received an error code of -2 not 0. The -2 simply indicated that this was an asynchronous call. I changed the test to call the TSL setup if the return code was either 0 or -2. This fixes my issue. Here is my patch.</p> <p>--- openldap-2.4.47/libraries/libldap/open.c 2018-12-19 10:57:06.000000000 -0500<br> +++ openldap-2.4.47.mod/libraries/libldap/open.c 2019-01-26 18:24:48.000000000 -0500<br> @@ -440,7 +440,7 @@<br> #endif<br> <br> #ifdef HAVE_TLS<br> - if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||<br> + if ((rc == 0 || rc == -2) && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||<br> strcmp( srv->lud_scheme, "ldaps" ) == 0 ))<br> {<br> ++conn->lconn_refcnt; /* avoid premature free */<br> </p> <p><font face="Arial,Verdana,Helvetica">Thanks,<br> Vern</font><br> <font face="Arial,Verdana,Helvetica"></font></p> </body> </html>
-
vsmith@interlinknetworks.com