Ticket #281 - TLS not working with latest openldap
https://fedorahosted.org/389/ticket/281
Resolves: Ticket #281
Bug Description: TLS not working with latest openldap
Reviewed by: nkinder (Thanks!)
Branch: 389-ds-base-1.2.10
Fix Description: The previous fix did not take into account ssl client
auth. The way openldap ssl init works now is that you must set all of the
ssl parameters before creating the new ctx. Since slapi_ldap_init_ext()
does not know if client auth will be used, we have to do all of the ssl
init in slapi_ldap_bind. Doing setup_ol_tls_conn() again will free the
old TLS context and parameters. It is a little more time consuming in
the clientauth case, but is safer and saves time in the other cases.
Platforms tested: RHEL6 x86_64, Fedora 16
Flag Day: no
Doc impact: no
(cherry picked from commit e7d9bdd341b360048e62c0d01894da0281503488)