From 16445ac913a7e8eff2b48edf76a42e2bab7d6bb1 Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Mar 31 2016 20:11:48 +0000 Subject: Ticket #48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is set, the value is set to zero. Description: The attached patch is for the optval issue described above. Optval is explicitly set to zero, rather than using whatever arbitrary value is present in optval from the earlier ldap_set_option call. https://fedorahosted.org/389/ticket/48782 Reviewed by nhosoi@redhat.com.
---
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index e62d1f2..3851be5 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -605,7 +605,8 @@ setup_ol_tls_conn(LDAP *ld, int clientauth)
 /* have to do this last - this creates the new TLS handle and sets/copies all of the parameters set above into that TLS handle context - note
- that optval is ignored - what matters is that it is not NULL */
+ that optval is zero, meaning create a context for a client */
+ optval = 0;
 if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) {
 slapi_log_error(SLAPI_LOG_FATAL, "setup_ol_tls_conn", "failed: unable to create new TLS context - %d\n", rc);
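Review bot: The added `optval = 0;` fixes this call, but the role of the new TLS context still hangs on a scratch variable that, per the commit description, carries values from the earlier ldap_set_option calls, so reordering those calls or adding another option just above this line would silently bring the bug back. OpenLDAP documents a non-zero value for LDAP_OPT_X_TLS_NEWCTX as a request for a server context, which is the wrong role for an outbound client connection. A dedicated variable removes the ordering dependency and documents the meaning: `int newctx_is_server = 0; /* 0 = client context, non-zero = server context */` passed as `ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &newctx_is_server)`. The declaration of optval and the rest of setup_ol_tls_conn lie outside the hunk, so this assumes optval is an int shared by the preceding option calls.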