Move lconn_tls_ctx to ldo_tls_ctx. Otherwise clients cannot set it after

ldap_initializ'ing an LD and before connecting on it. Really all of the
global TLS options belong in the ldapoptions struct, instead of static vars.

libraries/libldap/ldap-int.h

@@ -169,6 +169,8 @@ struct ldapoptions {
 	ber_int_t		ldo_sizelimit;
 
 #ifdef HAVE_TLS
+   	/* tls context */
+   	void		*ldo_tls_ctx;
    	int			ldo_tls_mode;
 	LDAP_TLS_CONNECT_CB	*ldo_tls_connect_cb;
 	void*			ldo_tls_connect_arg;
@@ -210,10 +212,6 @@ struct ldapoptions {
  */
 typedef struct ldap_conn {
 	Sockbuf		*lconn_sb;
-#ifdef HAVE_TLS
-   	/* tls context */
-   	void		*lconn_tls_ctx;
-#endif
 #ifdef HAVE_CYRUS_SASL
 	void		*lconn_sasl_authctx;	/* context for bind */
 	void		*lconn_sasl_sockctx;	/* for security layer */

libraries/libldap/tls.c

@@ -764,8 +764,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 
 	} else {
 		struct ldapoptions *lo;
-		void *ctx = ld->ld_defconn
-			? ld->ld_defconn->lconn_tls_ctx : NULL;
+		void *ctx;
+
+		lo = &ld->ld_options;
+		ctx = lo->ldo_tls_ctx;
 
 		ssl = alloc_handle( ctx );
 
@@ -780,9 +782,8 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 
 		if( ctx == NULL ) {
 			ctx = tls_def_ctx;
-			conn->lconn_tls_ctx = tls_def_ctx;
+			lo->ldo_tls_ctx = ctx;
 		}
-		lo = &ld->ld_options;
 		if ( lo->ldo_tls_connect_cb )
 			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
 		lo = LDAP_INT_GLOBAL_OPT();   
@@ -1245,7 +1246,7 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
 		if ( ld == NULL ) {
 			*(void **)arg = (void *) tls_def_ctx;
 		} else {
-			*(void **)arg = ld->ld_defconn->lconn_tls_ctx;
+			*(void **)arg = lo->ldo_tls_ctx;
 		}
 		break;
 	case LDAP_OPT_X_TLS_CACERTFILE:
@@ -1347,7 +1348,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 			tls_def_ctx = (SSL_CTX *) arg;
 
 		} else {
-			ld->ld_defconn->lconn_tls_ctx = arg;
+			lo->ldo_tls_ctx = arg;
 		}
 		return 0;
 	case LDAP_OPT_X_TLS_CONNECT_CB: