TLS SSF does not imply a transport_ssf.

2025-01-24 13:24:56 +08:00 · 2004-08-28 21:58:20 +00:00 · 2004-08-28 21:58:20 +00:00 · c449fdd217
commit c449fdd217
parent 89772e9bdd
1 changed files with 6 additions and 4 deletions
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@ -312,15 +312,17 @@ do_syncrep1(
 	/* Set SSF to strongest of TLS, SASL SSFs */
 	op->o_sasl_ssf = 0;
 	op->o_tls_ssf = 0;
+	op->o_transport_ssf = 0;
 #ifdef HAVE_TLS
-	if ( ldap_get_option( si->si_ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl ) == LDAP_SUCCESS &&
-	     ssl != NULL ) {
+	if ( ldap_get_option( si->si_ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl )
+		== LDAP_SUCCESS && ssl != NULL )
+	{
 		op->o_tls_ssf = ldap_pvt_tls_get_strength( ssl );
 	}
 #endif /* HAVE_TLS */
 	ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_sasl_ssf );
-	op->o_transport_ssf = op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf ) ?
-		op->o_sasl_ssf : op->o_tls_ssf;
+	op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf )
+		?  op->o_sasl_ssf : op->o_tls_ssf;

 	/* get syncrepl cookie of shadow replica from subentry */
 	assert( si->si_rid < 1000 );