Fix --without-tls (ITS#4975). Enable certificate matching.

libraries/libldap/tls.c

@@ -63,6 +63,8 @@
 #define HAS_TLS( sb )	ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
 				(void *)&sb_tls_sbio )
 
+#endif /* HAVE_TLS */
+
 /* RFC2459 minimum required set of supported attribute types
  * in a certificate DN
  */
@@ -92,6 +94,7 @@ static oid_name oids[] = {
 	{ BER_BVNULL, BER_BVNULL }
 };
 
+#ifdef HAVE_TLS
 #ifdef HAVE_GNUTLS
 
 typedef struct tls_cipher_suite {

servers/slapd/dn.c

@@ -1257,7 +1257,6 @@ int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
 	return -1;
 }
 
-#ifdef HAVE_TLS
 /*
  * Convert an X.509 DN into a normalized LDAP DN
  */
@@ -1274,6 +1273,7 @@ dnX509normalize( void *x509_name, struct berval *out )
 	return rc;
 }
 
+#ifdef HAVE_TLS
 /*
  * Get the TLS session's peer's DN into a normalized LDAP DN
  */

servers/slapd/schema_init.c

@@ -4536,12 +4536,8 @@ static slap_mrule_defs_rec mrule_defs[] = {
 	{"( 2.5.13.34 NAME 'certificateExactMatch' "
 		"SYNTAX 1.3.6.1.1.15.1 )",
 		SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateExactMatchSyntaxes,
-#ifdef HAVE_TLS
 		NULL, certificateExactNormalize, octetStringMatch,
 		octetStringIndexer, octetStringFilter,
-#else
-		NULL, NULL, NULL, NULL, NULL,
-#endif
 		NULL },
 
 	{"( 2.5.13.35 NAME 'certificateMatch' "

tests/scripts/defines.sh

@@ -43,7 +43,6 @@ VALSORT=${AC_valsort-valsortno}
 # misc
 WITH_SASL=${AC_WITH_SASL-no}
 USE_SASL=${SLAPD_USE_SASL-no}
-WITHTLS=${AC_WITHTLS-yes}
 ACI=${AC_ACI_ENABLED-acino}
 THREADS=${AC_THREADS-threadsno}
 

tests/scripts/test021-certificate

@@ -304,12 +304,7 @@ fi
 
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
-if test "$WITHTLS" = no ; then 
-	echo "Certificate matching not suported without TLS"
-	LDIF=$CERTIFICATEOUT
-else
-	LDIF=$CERTIFICATETLS
-fi 
+LDIF=$CERTIFICATETLS
 
 echo "Filtering ldapsearch results..."
 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT