From: Todd C. Miller
Date: Thu, 17 May 2012 15:04:33 +0000 (-0400)
Subject: Need to call ldapssl_clientauth_init() for start_tls on Mozilla
X-Git-Tag: SUDO_1_7_10~118
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=58d80bf7404452ca7fd9a5e215ef5cd7ad15cf80;p=sudo
Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP SDK.
--HG--
branch : 1.7
---
diff --git a/ldap.c b/ldap.c
index 5a46e12b5..90ccf713b 100644
--- a/ldap.c
+++ b/ldap.c
@@ -124,6 +124,7 @@ extern int ldapssl_set_strength(LDAP *ldap, int strength);
 #define CONF_LIST_STR 4
 #define CONF_DEREF_VAL 5
+#define SUDO_LDAP_CLEAR 0
 #define SUDO_LDAP_SSL 1
 #define SUDO_LDAP_STARTTLS 2
@@ -524,7 +525,8 @@ sudo_ldap_init(ldp, host, port)
 int rc = LDAP_CONNECT_ERROR;
 #ifdef HAVE_LDAPSSL_INIT
- if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+ if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) {
+ const int defsecure = ldap_conf.ssl_mode == SUDO_LDAP_SSL;
 DPRINTF(("ldapssl_clientauth_init(%s, %s)", ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
@@ -568,8 +570,8 @@ sudo_ldap_init(ldp, host, port)
 goto done;
 }
- DPRINTF(("ldapssl_init(%s, %d, 1)", host, port), 2);
- if ((ld = ldapssl_init(host, port, 1)) != NULL)
+ DPRINTF(("ldapssl_init(%s, %d, %d)", host, port, defsecure), 2);
+ if ((ld = ldapssl_init(host, port, defsecure)) != NULL)
 rc = LDAP_SUCCESS;
 } else
 #endif
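Review bot: In the `@@ -524,7 +525,8 @@` hunk the new guard `ldap_conf.ssl_mode != SUDO_LDAP_CLEAR` sends every non-zero ssl_mode down the client-auth path, and `defsecure` then treats anything that is not SUDO_LDAP_SSL as start_tls. If the config parser (not visible here) can ever leave another value in ssl_mode, the handle would be opened without implicit TLS and nothing in this hunk would notice. Naming the two modes keeps the intent explicit: `if (ldap_conf.ssl_mode == SUDO_LDAP_SSL || ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {`. The body of sudo_ldap_init starts and ends outside the hunk.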
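Review bot: In the `@@ -568,8 +570,8 @@` hunk, when `defsecure` is 0 the handle returned by `ldapssl_init(host, port, defsecure)` is presumably not yet protected, so start_tls mode is only as safe as the later upgrade step, which lies outside this hunk. It is worth confirming that a failed start_tls there is treated as fatal before any bind, rather than the session continuing in cleartext. A comment above the call would record the dependency, for example `/* defsecure == 0: session stays cleartext until start_tls succeeds */`.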