made cafile optional for starttls as encryption might be enough for a start

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@847 152afb58-edef-0310-8abb-c4023f1b3aa9

src/mod_auth.c

@@ -521,9 +521,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
         return HANDLER_GO_ON;
 }
 
-handler_t
-auth_ldap_init(server *srv, mod_auth_plugin_config *s)
-{
+handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s) {
 #ifdef USE_LDAP
 			int ret;
 #if 0			
@@ -550,7 +548,6 @@ auth_ldap_init(server *srv, mod_auth_plugin_config *s)
 			}
 			
 			if (s->auth_ldap_hostname->used) {
-				int ret;
 				if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
 					log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
 					
@@ -565,17 +562,16 @@ auth_ldap_init(server *srv, mod_auth_plugin_config *s)
 				}
 
 				if (s->auth_ldap_starttls) {
-					if (buffer_is_empty(s->auth_ldap_cafile)) {
-						log_error_write(srv, __FILE__, __LINE__, "s", "CA file has to be set");
+					/* if no CA file is given, it is ok, as we will use encryption 
+					 * if the server requires a CAfile it will tell us */
+					if (!buffer_is_empty(s->auth_ldap_cafile)) {
+						if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, 
+										s->auth_ldap_cafile->ptr))) {
+							log_error_write(srv, __FILE__, __LINE__, "ss", 
+									"Loading CA certificate failed:", ldap_err2string(ret));
 						
-						return HANDLER_ERROR;
-						
-					}
-			
-					if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, s->auth_ldap_cafile->ptr))) {
-						log_error_write(srv, __FILE__, __LINE__, "ss", "Loading CA certificate failed:", ldap_err2string(ret));
-						
-						return HANDLER_ERROR;
+							return HANDLER_ERROR;
+						}
 					}
 	
 					if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL,  NULL))) {