You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/12/02 18:44:09 UTC
svn commit: r1209601 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Author: sf
Date: Fri Dec 2 17:44:09 2011
New Revision: 1209601
URL: http://svn.apache.org/viewvc?rev=1209601&view=rev
Log:
Fix segfault with Solaris LDAP SDK when enabling ldaps.
Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).
This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.
PR: 42682
Modified:
httpd/httpd/trunk/modules/ldap/util_ldap.c
Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=1209601&r1=1209600&r2=1209601&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Fri Dec 2 17:44:09 2011
@@ -262,6 +262,23 @@ static int uldap_connection_init(request
util_ldap_state_t *st =
(util_ldap_state_t *)ap_get_module_config(r->server->module_config,
&ldap_module);
+ int have_client_certs = !apr_is_empty_array(ldc->client_certs);
+#if !APR_HAS_SOLARIS_LDAPSDK
+ /*
+ * Normally we enable SSL/TLS with apr_ldap_set_option(), except
+ * with Solaris LDAP, where this is broken.
+ */
+ int secure = APR_LDAP_NONE;
+#else
+ /*
+ * With Solaris LDAP, we enable TSL via the secure argument
+ * to apr_ldap_init(). This requires a fix from apr-util >= 1.4.0.
+ *
+ * Just in case client certificates ever get supported, we
+ * handle those as with the other LDAP SDKs.
+ */
+ int secure = have_client_certs ? APR_LDAP_NONE : ldc->secure;
+#endif
/* Since the host will include a port if the default port is not used,
* always specify the default ports for the port parameter. This will
@@ -272,8 +289,7 @@ static int uldap_connection_init(request
apr_ldap_init(r->pool, &(ldc->ldap),
ldc->host,
APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
- APR_LDAP_NONE,
- &(result));
+ secure, &(result));
if (NULL == result) {
/* something really bad happened */
@@ -318,7 +334,7 @@ static int uldap_connection_init(request
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
/* set client certificates */
- if (!apr_is_empty_array(ldc->client_certs)) {
+ if (have_client_certs) {
apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
ldc->client_certs, &(result));
if (LDAP_SUCCESS != result->rc) {
@@ -329,7 +345,12 @@ static int uldap_connection_init(request
}
/* switch on SSL/TLS */
- if (APR_LDAP_NONE != ldc->secure) {
+ if (APR_LDAP_NONE != ldc->secure
+#if APR_HAS_SOLARIS_LDAPSDK
+ /* See comments near apr_ldap_init() above */
+ && have_client_certs
+#endif
+ ) {
apr_ldap_set_option(r->pool, ldc->ldap,
APR_LDAP_OPT_TLS, &ldc->secure, &(result));
if (LDAP_SUCCESS != result->rc) {