diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-11 13:10:27 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-02-15 07:42:14 -0500 |
commit | 9ae3cdc58118884e3bac4e7702d3d0b23ba0e450 (patch) | |
tree | ae8075ccd301616f214879ad1a0af3ce26cff651 /src/providers/ldap/sdap_async_connection.c | |
parent | 480735cddc41159344b3e9f65b3e808fe44c82ce (diff) | |
download | sssd-9ae3cdc58118884e3bac4e7702d3d0b23ba0e450.tar.gz sssd-9ae3cdc58118884e3bac4e7702d3d0b23ba0e450.tar.xz sssd-9ae3cdc58118884e3bac4e7702d3d0b23ba0e450.zip |
Do not attempt to use START_TLS on SSL connections
Not all LDAP servers are capable of handling dual-encryption with
both TLS and SSL.
https://fedorahosted.org/sssd/ticket/795
Diffstat (limited to 'src/providers/ldap/sdap_async_connection.c')
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index ff8fb0d81..d2eadfa6a 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -24,6 +24,7 @@ #include "util/util.h" #include "util/sss_krb5.h" #include "providers/ldap/sdap_async_private.h" +#include "providers/ldap/ldap_common.h" #define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D @@ -1123,6 +1124,8 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq) struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); int ret; + bool use_tls = dp_opt_get_bool(state->opts->basic, + SDAP_ID_TLS); ret = be_resolve_server_recv(subreq, &state->srv); talloc_zfree(subreq); @@ -1134,10 +1137,15 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq) return; } + if (use_tls && sdap_is_secure_uri(state->service->uri)) { + DEBUG(8, ("[%s] is a secure channel. No need to run START_TLS\n", + state->service->uri)); + use_tls = false; + } + subreq = sdap_connect_send(state, state->ev, state->opts, state->service->uri, - dp_opt_get_bool(state->opts->basic, - SDAP_ID_TLS)); + use_tls); if (!subreq) { tevent_req_error(req, ENOMEM); return; |