Rework TLS code (only supports default connection)

This commit is contained in:
Kurt Zeilenga 2000-09-12 00:30:05 +00:00
parent fdc16c2f94
commit 2c30c90876


@ -97,7 +97,7 @@ static void tls_init_threads( void )
#endif /* LDAP_R_COMPILE */ #endif /* LDAP_R_COMPILE */
/* /*
* Initialize tls system. Should be called only once. * Initialize TLS subsystem. Should be called only once.
*/ */
int int
ldap_pvt_tls_init( void ) ldap_pvt_tls_init( void )
@ -105,15 +105,17 @@ ldap_pvt_tls_init( void )
static int tls_initialized = 0; static int tls_initialized = 0;
if ( tls_initialized ) return 0; if ( tls_initialized ) return 0;
tls_initialized = 1;
(void) tls_seed_PRNG( tls_opt_randfile ); (void) tls_seed_PRNG( tls_opt_randfile );
tls_initialized = 1;
#ifdef LDAP_R_COMPILE #ifdef LDAP_R_COMPILE
tls_init_threads(); tls_init_threads();
#endif #endif
SSL_load_error_strings(); SSL_load_error_strings();
SSLeay_add_ssl_algorithms(); SSLeay_add_ssl_algorithms();
/* FIXME: mod_ssl does this */ /* FIXME: mod_ssl does this */
X509V3_add_standard_extensions(); X509V3_add_standard_extensions();
return 0; return 0;
@ -651,7 +653,8 @@ ldap_pvt_tls_sb_handle( Sockbuf *sb )
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p ); ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
return p; return p;
} }
return NULL;
return NULL;
} }
void * void *
@ -858,9 +861,6 @@ ldap_pvt_tls_set_option( struct ldapoptions *lo, int option, void *arg )
int int
ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg ) ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
{ {
/* Make sure tls is initialized, including PRNG properly seeded. */
ldap_pvt_tls_init();
/* /*
* Fortunately, the lib uses blocking io... * Fortunately, the lib uses blocking io...
*/ */
@ -1039,40 +1039,36 @@ tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
int int
ldap_start_tls_s ( LDAP *ld, ldap_start_tls_s ( LDAP *ld,
LDAPControl **serverctrls, LDAPControl **serverctrls,
LDAPControl **clientctrls ) LDAPControl **clientctrls )
{ {
#ifdef HAVE_TLS #ifdef HAVE_TLS
LDAPConn *lc;
int rc; int rc;
char *rspoid = NULL; char *rspoid = NULL;
struct berval *rspdata = NULL; struct berval *rspdata = NULL;
if (ld->ld_conns == NULL) { /* XXYYZ: this initiates operaton only on default connection! */
rc = ldap_open_defconn( ld );
if (rc != LDAP_SUCCESS) if ( ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
return(rc); return LDAP_LOCAL_ERROR;
} }
for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) { rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS,
if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0) NULL, serverctrls, clientctrls, &rspoid, &rspdata );
return LDAP_OPERATIONS_ERROR; if ( rc != LDAP_SUCCESS ) {
return rc;
/* XXYYZ: this initiates operaton only on default connection! */
rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
NULL, serverctrls, clientctrls, &rspoid, &rspdata);
if (rc != LDAP_SUCCESS)
return rc;
if (rspoid != NULL)
LDAP_FREE(rspoid);
if (rspdata != NULL)
ber_bvfree(rspdata);
rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
if (rc != LDAP_SUCCESS)
return rc;
} }
return LDAP_SUCCESS;
if ( rspoid != NULL ) {
LDAP_FREE(rspoid);
}
if ( rspdata != NULL ) {
ber_bvfree( rspdata );
}
rc = ldap_pvt_tls_start( ld, ld->ld_sb, ld->ld_options.ldo_tls_ctx );
return rc;
#else #else
return LDAP_NOT_SUPPORTED; return LDAP_NOT_SUPPORTED;
#endif #endif
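Review bot: There is no call to ldap_pvt_tls_init() on the new ldap_start_tls_s path: the body goes straight from the `ldap_pvt_tls_inplace( ld->ld_sb )` check to `ldap_pvt_tls_start( ld, ld->ld_sb, ld->ld_options.ldo_tls_ctx )`, while the earlier hunk in this same commit deletes the `ldap_pvt_tls_init();` guard (and its "PRNG properly seeded" comment) from ldap_pvt_tls_start itself. Unless initialization is guaranteed wherever ldo_tls_ctx is created (outside this hunk), an application that calls ldap_start_tls_s without first touching the TLS options can reach the handshake with the library uninitialized and the PRNG unseeded; the cheap fix is to restore the guard at the top of the new body, `ldap_pvt_tls_init();` before the inplace check, since its static flag makes repeated calls harmless. Separately, the new inplace check uses ld->ld_sb before any connection has been opened — the removed `ldap_open_defconn( ld )` call used to guarantee one existed — so it is worth confirming ld_sb is always valid here, and that a failing ldap_pvt_tls_start after the server has accepted the Start TLS exop does not leave ld_sb usable in cleartext. The closing brace of ldap_start_tls_s lies outside the hunk.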