[Pkg-gnupg-commit] [gnupg2] 67/292: w32: Fix STARTTLS on LDAP connections.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 21 06:31:26 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 8d37018050373a47566bf8ea0d894da20ed292c7
Author: Justus Winter <justus at g10code.com>
Date:   Fri Sep 30 10:57:32 2016 +0200

    w32: Fix STARTTLS on LDAP connections.
    
    * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
    <winldap.h>.
    
    GnuPG-bug-id: 1338
    Debian-bug-id: 623526
    Fixes-commit: 9e6f8a55
    Signed-off-by: Justus Winter <justus at g10code.com>
---
 dirmngr/ks-engine-ldap.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 9b9efc7..baed6cd 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -519,6 +519,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
       /* XXX: We need an option to determine whether to abort if the
 	 certificate is bad or not.  Right now we conservatively
 	 default to checking the certificate and aborting.  */
+#ifndef HAVE_W32_SYSTEM
       int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
 
       err = ldap_set_option (ldap_conn,
@@ -528,8 +529,21 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 	  log_error ("Failed to set TLS option on LDAP connection.\n");
 	  goto out;
 	}
+#else
+      /* On Windows, the certificates are checked by default.  If the
+	 option to disable checking mentioned above is ever
+	 implemented, the way to do that on Windows is to install a
+	 callback routine using ldap_set_option (..,
+	 LDAP_OPT_SERVER_CERTIFICATE, ..); */
+#endif
 
-      err = ldap_start_tls_s (ldap_conn, NULL, NULL);
+      err = ldap_start_tls_s (ldap_conn,
+#ifdef HAVE_W32_SYSTEM
+			      /* ServerReturnValue, result */
+			      NULL, NULL,
+#endif
+			      /* ServerControls, ClientControls */
+			      NULL, NULL);
       if (err)
 	{
 	  log_error ("Failed to connect to LDAP server with TLS.\n");
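Review bot: On Windows nothing in this function enforces certificate verification: the `#else` branch relies on the winldap default, while the non-Windows branch (opened by the `#ifndef` in the first hunk) sets `LDAP_OPT_X_TLS_HARD` explicitly. I would say so in the new comment, for example by adding `Nothing here enforces verification on Windows; a future LDAP_OPT_SERVER_CERTIFICATE callback must reject the certificate unless the user explicitly opted out.` Separately, the Windows call passes NULL for ServerReturnValue and the failure message omits `err`, so a rejected STARTTLS cannot be told apart from a certificate failure in the log. Changing the message to `log_error ("Failed to connect to LDAP server with TLS: %s\n", ldap_err2string (err));` would keep that detail for whoever triages a connection failure. my_ldap_connect starts and ends outside both hunks, so how `err` is handled after `goto out` is not visible here.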

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


