[Pkg-gnupg-commit] [gnupg2] 67/292: w32: Fix STARTTLS on LDAP connections.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 21 06:31:26 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 8d37018050373a47566bf8ea0d894da20ed292c7
Author: Justus Winter <justus at g10code.com>
Date: Fri Sep 30 10:57:32 2016 +0200
w32: Fix STARTTLS on LDAP connections.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
<winldap.h>.
GnuPG-bug-id: 1338
Debian-bug-id: 623526
Fixes-commit: 9e6f8a55
Signed-off-by: Justus Winter <justus at g10code.com>
---
dirmngr/ks-engine-ldap.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 9b9efc7..baed6cd 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -519,6 +519,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
/* XXX: We need an option to determine whether to abort if the
certificate is bad or not. Right now we conservatively
default to checking the certificate and aborting. */
+#ifndef HAVE_W32_SYSTEM
int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
err = ldap_set_option (ldap_conn,
@@ -528,8 +529,21 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
log_error ("Failed to set TLS option on LDAP connection.\n");
goto out;
}
+#else
+ /* On Windows, the certificates are checked by default. If the
+ option to disable checking mentioned above is ever
+ implemented, the way to do that on Windows is to install a
+ callback routine using ldap_set_option (..,
+ LDAP_OPT_SERVER_CERTIFICATE, ..); */
+#endif
- err = ldap_start_tls_s (ldap_conn, NULL, NULL);
+ err = ldap_start_tls_s (ldap_conn,
+#ifdef HAVE_W32_SYSTEM
+ /* ServerReturnValue, result */
+ NULL, NULL,
+#endif
+ /* ServerControls, ClientControls */
+ NULL, NULL);
if (err)
{
log_error ("Failed to connect to LDAP server with TLS.\n");
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list