upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 00:59:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#5360 move tls option setup

Browse source
This commit is contained in:
Howard Chu 2008-02-10 06:29:40 +00:00
parent 584c7fb8be
commit ae471f78c3
2 changed files with 7 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
servers/slapd/init.c
View file

@ -179,16 +179,6 @@ slap_init( int mode, const char *name )
return 1;
}
#ifdef HAVE_TLS
/* Library defaults to full certificate checking. This is correct when
* a client is verifying a server because all servers should have a
* valid cert. But few clients have valid certs, so we want our default
* to be no checking. The config file can override this as usual.
*/
rc = 0;
(void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
#endif
if ( frontend_init() ) {
slap_debug |= LDAP_DEBUG_NONE;
Debug( LDAP_DEBUG_ANY,

7
servers/slapd/main.c
View file

@ -736,6 +736,13 @@ unhandled_option:;
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
goto destroy;
}
/* Library defaults to full certificate checking. This is correct when
* a client is verifying a server because all servers should have a
* valid cert. But few clients have valid certs, so we want our default
* to be no checking. The config file can override this as usual.
*/
rc = LDAP_OPT_X_TLS_NEVER;
(void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
#endif
rc = slap_init( serverMode, serverName );