Rework TLS code (only supports default connection)
This commit is contained in:
parent
fdc16c2f94
commit
2c30c90876
@ -97,7 +97,7 @@ static void tls_init_threads( void )
|
|||||||
#endif /* LDAP_R_COMPILE */
|
#endif /* LDAP_R_COMPILE */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize tls system. Should be called only once.
|
* Initialize TLS subsystem. Should be called only once.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
ldap_pvt_tls_init( void )
|
ldap_pvt_tls_init( void )
|
||||||
@ -105,15 +105,17 @@ ldap_pvt_tls_init( void )
|
|||||||
static int tls_initialized = 0;
|
static int tls_initialized = 0;
|
||||||
|
|
||||||
if ( tls_initialized ) return 0;
|
if ( tls_initialized ) return 0;
|
||||||
|
tls_initialized = 1;
|
||||||
|
|
||||||
(void) tls_seed_PRNG( tls_opt_randfile );
|
(void) tls_seed_PRNG( tls_opt_randfile );
|
||||||
|
|
||||||
tls_initialized = 1;
|
|
||||||
#ifdef LDAP_R_COMPILE
|
#ifdef LDAP_R_COMPILE
|
||||||
tls_init_threads();
|
tls_init_threads();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
SSLeay_add_ssl_algorithms();
|
SSLeay_add_ssl_algorithms();
|
||||||
|
|
||||||
/* FIXME: mod_ssl does this */
|
/* FIXME: mod_ssl does this */
|
||||||
X509V3_add_standard_extensions();
|
X509V3_add_standard_extensions();
|
||||||
return 0;
|
return 0;
|
||||||
@ -651,6 +653,7 @@ ldap_pvt_tls_sb_handle( Sockbuf *sb )
|
|||||||
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
|
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
|
||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -858,9 +861,6 @@ ldap_pvt_tls_set_option( struct ldapoptions *lo, int option, void *arg )
|
|||||||
int
|
int
|
||||||
ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
|
ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
|
||||||
{
|
{
|
||||||
/* Make sure tls is initialized, including PRNG properly seeded. */
|
|
||||||
ldap_pvt_tls_init();
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Fortunately, the lib uses blocking io...
|
* Fortunately, the lib uses blocking io...
|
||||||
*/
|
*/
|
||||||
@ -1043,36 +1043,32 @@ ldap_start_tls_s ( LDAP *ld,
|
|||||||
LDAPControl **clientctrls )
|
LDAPControl **clientctrls )
|
||||||
{
|
{
|
||||||
#ifdef HAVE_TLS
|
#ifdef HAVE_TLS
|
||||||
LDAPConn *lc;
|
|
||||||
int rc;
|
int rc;
|
||||||
char *rspoid = NULL;
|
char *rspoid = NULL;
|
||||||
struct berval *rspdata = NULL;
|
struct berval *rspdata = NULL;
|
||||||
|
|
||||||
if (ld->ld_conns == NULL) {
|
|
||||||
rc = ldap_open_defconn( ld );
|
|
||||||
if (rc != LDAP_SUCCESS)
|
|
||||||
return(rc);
|
|
||||||
}
|
|
||||||
|
|
||||||
for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
|
|
||||||
if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
|
|
||||||
return LDAP_OPERATIONS_ERROR;
|
|
||||||
|
|
||||||
/* XXYYZ: this initiates operaton only on default connection! */
|
/* XXYYZ: this initiates operaton only on default connection! */
|
||||||
rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
|
|
||||||
NULL, serverctrls, clientctrls, &rspoid, &rspdata);
|
|
||||||
|
|
||||||
if (rc != LDAP_SUCCESS)
|
if ( ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
|
||||||
return rc;
|
return LDAP_LOCAL_ERROR;
|
||||||
if (rspoid != NULL)
|
}
|
||||||
LDAP_FREE(rspoid);
|
|
||||||
if (rspdata != NULL)
|
rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS,
|
||||||
ber_bvfree(rspdata);
|
NULL, serverctrls, clientctrls, &rspoid, &rspdata );
|
||||||
rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
|
if ( rc != LDAP_SUCCESS ) {
|
||||||
if (rc != LDAP_SUCCESS)
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
return LDAP_SUCCESS;
|
|
||||||
|
if ( rspoid != NULL ) {
|
||||||
|
LDAP_FREE(rspoid);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( rspdata != NULL ) {
|
||||||
|
ber_bvfree( rspdata );
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = ldap_pvt_tls_start( ld, ld->ld_sb, ld->ld_options.ldo_tls_ctx );
|
||||||
|
return rc;
|
||||||
#else
|
#else
|
||||||
return LDAP_NOT_SUPPORTED;
|
return LDAP_NOT_SUPPORTED;
|
||||||
#endif
|
#endif
|
||||||
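Review bot: The hunk at `@ -858,9 +861,6` drops the `ldap_pvt_tls_init()` call (and its "PRNG properly seeded" comment) from the top of ldap_pvt_tls_start(), and nothing visible in this commit re-establishes that guarantee before the handshake: ldap_start_tls_s() now calls `ldap_pvt_tls_start( ld, ld->ld_sb, ld->ld_options.ldo_tls_ctx )` directly, so unless ldap_pvt_tls_init() is now invoked on a path not shown here, the SSL handshake can run on an unseeded PRNG and without the error strings/algorithms loaded. Keeping the call cheap is fine since ldap_pvt_tls_init() already short-circuits on `tls_initialized`; I would restore the one line at the start of ldap_pvt_tls_start(), `ldap_pvt_tls_init();	/* ensure PRNG seeded before the handshake */`, or place the same call in ldap_start_tls_s() immediately before `ldap_pvt_tls_start`. Separately, the new ldap_start_tls_s() evaluates `ldap_pvt_tls_inplace( ld->ld_sb )` before any connection is opened, whereas the removed code first ran `ldap_open_defconn()` when `ld->ld_conns` was NULL; if ld_sb can be unconnected at that point this presumably relies on ldap_extended_operation_s() opening the default connection, which is worth a comment or an explicit check. The body of ldap_start_tls_s() ends outside the hunk.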
|