[exim-cvs] LDAP: Check for errors of TLS initialisation

Author: Exim Git Commits Mailing List
Date:
To: exim-cvs
Subject: [exim-cvs] LDAP: Check for errors of TLS initialisation
Gitweb: http://git.exim.org/exim.git/commitdiff/e74376d84aa63876c9a3b240513b8f38920733b7
Commit:     e74376d84aa63876c9a3b240513b8f38920733b7
Parent:     a97b88d511b436f13d95f3e92d5a4018cef2d2f0
Author:     Phil Pennock <pdp@???>
AuthorDate: Thu May 3 03:21:31 2012 -0700
Committer:  Phil Pennock <pdp@???>
CommitDate: Thu May 3 03:21:31 2012 -0700


    LDAP: Check for errors of TLS initialisation


    Report and patch from Dmitry Banschikov.
---
 doc/doc-txt/ChangeLog  |    4 ++++
 src/src/lookups/ldap.c |    7 ++++++-
 2 files changed, 10 insertions(+), 1 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3a75ce0..b41783d 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -65,6 +65,10 @@ TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
 JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
       comma-sep list; embedded commas doubled.


+PP/15 LDAP: Check for errors of TLS initialisation, to give correct
+      diagnostics.
+      Report and patch from Dmitry Banschikov.
+


 Exim version 4.77
 -----------------
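
Review bot: The PP/15 entry describes the change only as giving "correct diagnostics", but the ldap.c hunk in this commit also changes behaviour: a failing ldap_start_tls_s() now ends the lookup through goto RETURN_ERROR, where the return value was previously discarded and execution continued to ldap_bind() with LDAP_AUTH_SIMPLE. Suggest wording the entry to say that a StartTLS failure is now treated as an error, so that administrators reading the ChangeLog know that lookups which used to proceed will now fail.
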
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 698928a..5c1ea0b 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -523,7 +523,12 @@ if (!lcp->bound ||
   /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
   if (eldap_start_tls)
     {
-    ldap_start_tls_s(lcp->ld, NULL, NULL);
+        if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
+            *errmsg = string_sprintf("failed to initiate TLS processing on an "
+                "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+                " %s", host, porttext, rc, ldap_err2string(rc));
+            goto RETURN_ERROR;
+        }
     }
 #endif
   if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
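
Review bot: On the new goto RETURN_ERROR path after a failed ldap_start_tls_s(), nothing in this hunk releases or invalidates lcp->ld, so please confirm that RETURN_ERROR does not leave this connection available to a later lookup that would reach ldap_bind() with LDAP_AUTH_SIMPLE without TLS in place. Separately, the added lines use 8-space indentation with the opening brace on the if line, unlike the enclosing if (eldap_start_tls) block two lines above, which puts the brace on its own line; reindent the new block to match the surrounding style.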