
made cafile optional for starttls as encryption might be enough for a start

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@847 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.8
Jan Kneschke 16 years ago
parent
commit
6ca932df94
  1. 24
      src/mod_auth.c

24
src/mod_auth.c

@ -521,9 +521,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
return HANDLER_GO_ON;
}
handler_t
auth_ldap_init(server *srv, mod_auth_plugin_config *s)
{
handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s) {
#ifdef USE_LDAP
int ret;
#if 0
@ -550,7 +548,6 @@ auth_ldap_init(server *srv, mod_auth_plugin_config *s)
}
if (s->auth_ldap_hostname->used) {
int ret;
if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
@ -565,17 +562,16 @@ auth_ldap_init(server *srv, mod_auth_plugin_config *s)
}
if (s->auth_ldap_starttls) {
if (buffer_is_empty(s->auth_ldap_cafile)) {
log_error_write(srv, __FILE__, __LINE__, "s", "CA file has to be set");
/* if no CA file is given, it is ok, as we will use encryption
* if the server requires a CAfile it will tell us */
if (!buffer_is_empty(s->auth_ldap_cafile)) {
if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
s->auth_ldap_cafile->ptr))) {
log_error_write(srv, __FILE__, __LINE__, "ss",
"Loading CA certificate failed:", ldap_err2string(ret));
return HANDLER_ERROR;
}
if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, s->auth_ldap_cafile->ptr))) {
log_error_write(srv, __FILE__, __LINE__, "ss", "Loading CA certificate failed:", ldap_err2string(ret));
return HANDLER_ERROR;
return HANDLER_ERROR;
}
}
if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) {
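Review bot: With the CA file now optional, the StartTLS branch no longer guarantees that the LDAP server's certificate is checked against anything this module configured, and the added comment (`if the server requires a CAfile it will tell us`) has the roles reversed: the CA file is what the client uses to authenticate the server. Nothing visible in these hunks sets `LDAP_OPT_X_TLS_REQUIRE_CERT`, so whether an unverifiable certificate is rejected appears to depend on libldap's defaults and the system ldap.conf; encryption alone does not stop an active man-in-the-middle from receiving the bind credentials. I would pin the policy before `ldap_start_tls_s()`, e.g. `int reqcert = LDAP_OPT_X_TLS_DEMAND;` followed by `ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);`, and log a warning when `s->auth_ldap_cafile` is empty. The comment would read better as `/* no CA file configured: the server certificate is verified only against libldap's default trust settings */`. auth_ldap_init continues beyond the last hunk, so any later handling is not visible here.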
