https://bugs.openldap.org/show_bug.cgi?id=10337
Issue ID: 10337
Summary: Global TLS options not inherited in context
Product: OpenLDAP
Version: 2.6.9
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: remi@fedoraproject.org
Target Milestone: ---
During ldap_create, global options are copied
See https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_6_9/libraries/l...
    /* copy the global options */
    AC_MEMCPY(&ld->ld_options, gopts, sizeof(ld->ld_options));
But not the TLS string options
See https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_6_9/libraries/l...
    /* We explicitly inherit the SSL_CTX, don't need the names/paths. Leave
     * them empty to allow new SSL_CTX's to be created from scratch. */
    memset( &ld->ld_options.ldo_tls_info, 0,
        sizeof( ld->ld_options.ldo_tls_info ));
    ld->ld_options.ldo_tls_ctx = NULL;
Which creates an inconsistency when trying to generate a newctx
For the context
See
* https://github.com/php/php-src/issues/17776 => why tls_newctx is needed
* https://github.com/php/php-src/issues/18529 => regression
On PHP side a possible workaround is to do the copy manually
* https://github.com/php/php-src/pull/18547
But this should probably be handled in the OpenLDAP library
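
The inheritance gap described in this report, reduced to a self-contained C model (an added example, not code from OpenLDAP or from the PHP pull request). The structs and the `model_*` functions are simplified, hypothetical stand-ins, and the rule that a new context is built only from the handle's own strings is an assumption taken from the report's description:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the library's option structs (hypothetical names). */
enum { TLS_CACERTFILE, TLS_CERTFILE, TLS_KEYFILE, TLS_NSTR };
struct tls_info { char *str[TLS_NSTR]; };
struct options { int require_cert; struct tls_info tls_info; void *tls_ctx; };

/* Mirrors the two quoted snippets: copy all options, then blank the TLS strings. */
void model_create(struct options *ld, const struct options *gopts) {
    memcpy(ld, gopts, sizeof(*ld));
    memset(&ld->tls_info, 0, sizeof(ld->tls_info));
    ld->tls_ctx = NULL;
}

/* Assumption: a new context is built only from the handle's own strings.
 * Returns 1 if a CA file would be configured in it, 0 otherwise. */
int model_newctx_has_ca(const struct options *ld) {
    return ld->tls_info.str[TLS_CACERTFILE] != NULL;
}

/* Manual copy: give the handle its own duplicate of each global TLS string
 * it lacks. A per-handle value is never overwritten. Returns strings copied. */
int model_inherit_tls_strings(struct options *ld, const struct options *gopts) {
    int copied = 0;
    for (int i = 0; i < TLS_NSTR; i++) {
        const char *g = gopts->tls_info.str[i];
        if (g == NULL || ld->tls_info.str[i] != NULL)
            continue;
        char *dup = malloc(strlen(g) + 1);
        if (dup == NULL)
            return -1;              /* fail closed: caller must not go on to TLS */
        strcpy(dup, g);
        ld->tls_info.str[i] = dup;  /* owned by the handle, not shared with gopts */
        copied++;
    }
    return copied;
}

int main(void) {
    struct options g, ld;
    memset(&g, 0, sizeof(g));
    g.require_cert = 1;
    g.tls_info.str[TLS_CACERTFILE] = "/constructed/path/ca.pem"; /* constructed */
    model_create(&ld, &g);
    printf("after create: require_cert=%d ca=%d\n", ld.require_cert, model_newctx_has_ca(&ld));
    model_inherit_tls_strings(&ld, &g);
    printf("after copy:   require_cert=%d ca=%d\n", ld.require_cert, model_newctx_has_ca(&ld));
    return 0;
}
```

In the model the scalar option survives the copy while the CA path does not, which is the mismatch a context rebuilt on the handle would see until the strings are copied across.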