> No, thanks. The problem is that these specific statements do not > prescribe a fixed number of arguments. Moreover, the function that uses > the value resets the field when passed a NULL argument. If this behavior > needs to be preserved, I have the right fix handy. Otherwise it might > need more work. To be more specific: slapd's TLS configuration is registered without enforcing a specific number of arguments. This check is delegated to the underlying calls to ldap_pvt_tls_set_option() performed by config_tls_option(). This poses two problems: - since the argument of these parameters is ARG_STRING, if no arg is passed then ch_strdup() fails - fixing this (by skipping ch_strdup() if argc == 1, for example) results in calling ldap_pvt_tls_set_option with a NULL value, which is a perfectly legitimate value (it means: clear any existing value), but it may not be appropriate in this context. Please advise whether the right fix is skip ch_strdup(), or enforcing a requirement for argc == 2 for TLS-related fields.