Need to call ldapssl_clientauth_init() for start_tls on Mozilla

LDAP SDK.

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index bb6f5a668ea7032f0a2991fde3370e4310c5c0e5..d4ee6f51165d2df77664760f206e60c6027af8dd 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -124,6 +124,7 @@ extern int ldapssl_set_strength(LDAP *ldap, int strength);
 #define CONF_LIST_STR  4
 #define CONF_DEREF_VAL 5
 
+#define SUDO_LDAP_CLEAR                0
 #define SUDO_LDAP_SSL          1
 #define SUDO_LDAP_STARTTLS     2
 
@@ -522,7 +523,8 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
     debug_decl(sudo_ldap_init, SUDO_DEBUG_LDAP)
 
 #ifdef HAVE_LDAPSSL_INIT
-    if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+    if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) {
+       const int defsecure = ldap_conf.ssl_mode == SUDO_LDAP_SSL;
        DPRINTF(("ldapssl_clientauth_init(%s, %s)",
            ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
            ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
@@ -566,8 +568,8 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
            goto done;
        }
 
-       DPRINTF(("ldapssl_init(%s, %d, 1)", host, port), 2);
-       if ((ld = ldapssl_init(host, port, 1)) != NULL)
+       DPRINTF(("ldapssl_init(%s, %d, %d)", host, port, defsecure), 2);
+       if ((ld = ldapssl_init(host, port, defsecure)) != NULL)
            rc = LDAP_SUCCESS;
     } else
 #endif