I haven't kept track of the TLS changes though, so I don't know if just moving #ifdefs around is the right fix.

As far as I understood it, the rationale of those changes was to be able to handle, and significantly parse certificates, independently of any TLS capability (including when no TLS is available). If you find a combination of #ifdef's that gives this, then it should be the right one.

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------