bail out with error if someone tries to use another cert than PEM with OpenLDAP.

author Gunter Knauf <gk@gknw.de>

Sat, 25 Aug 2007 12:10:30 +0000 (12:10 +0000)

committer Gunter Knauf <gk@gknw.de>

Sat, 25 Aug 2007 12:10:30 +0000 (12:10 +0000)
author Gunter Knauf <gk@gknw.de>
Sat, 25 Aug 2007 12:10:30 +0000 (12:10 +0000)
committer Gunter Knauf <gk@gknw.de>
Sat, 25 Aug 2007 12:10:30 +0000 (12:10 +0000)
diff --git a/lib/ldap.c b/lib/ldap.c

index 4e626163264b4a64d8fd3a6c456a65b768f32cf6..abbd52f2951431ca2fef32531d11a9444bc1c35f 100644 (file)
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -216,6 +216,12 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
  #elif defined(LDAP_OPT_X_TLS)
      if (data->set.ssl.verifypeer) {
        /* OpenLDAP SDK supports BASE64 files. */
+      if ((data->set.str[STRING_CERT_TYPE]) &&
+              (!strequal(data->set.str[STRING_CERT_TYPE], "PEM"))) {
+        failf(data, "LDAP local: ERROR OpenLDAP does only support PEM cert-type!");
+        status = CURLE_SSL_CERTPROBLEM;
+        goto quit;
+      }
        if (!ldap_ca) {
          failf(data, "LDAP local: ERROR PEM CA cert not set!");
          status = CURLE_SSL_CERTPROBLEM;
author	Gunter Knauf <gk@gknw.de>
	Sat, 25 Aug 2007 12:10:30 +0000 (12:10 +0000)
committer	Gunter Knauf <gk@gknw.de>
	Sat, 25 Aug 2007 12:10:30 +0000 (12:10 +0000)