Attachment #34094 for bug #55095




*/
static int enable_tls_on(LDAP *conn) {
#if HAVE_LDAP_TLS
	int version;
	int ldrc;

	if (ldaperror(ldrc=ldap_get_option (conn,
				    LDAP_OPT_PROTOCOL_VERSION,
				    &version))
	    != LDAP_SUCCESS)
	{
		const char *s=ldap_err2string(ldrc);

#if	HAVE_SYSLOG_H
		syslog(LOG_DAEMON|LOG_CRIT,
		       "ldap_get_option failed: %s", s);
#endif
		return (-1);
	}

	if (version < LDAP_VERSION3)
	{
		version = LDAP_VERSION3;
		(void)ldap_set_option (conn,
				       LDAP_OPT_PROTOCOL_VERSION,
				       &version);
	}

	if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL))
	    != LDAP_SUCCESS)
	{


static int ldapopen()
{
	int     ldrc;
	int     version;
	
	if (my_ldap_fp)	return (0);

	if (authldap_read_config(&my_ldap) == 0)

	{
		return (1);
	}
	
	// attempt to upgrade the protocol version as high as we can.
	// We might want to add a config option like LDAP_PROTO_VERSION
	// and try to set to that if set, or else run this.
	if (ldaperror(ldrc=ldap_get_option (my_ldap_fp,
				    LDAP_OPT_PROTOCOL_VERSION,
				    &version))
	    != LDAP_SUCCESS)
	{
		const char *s=ldap_err2string(ldrc);

#if	HAVE_SYSLOG_H
		syslog(LOG_DAEMON|LOG_CRIT,
		       "ldap_get_option failed: %s", s);
#endif
	}
	else
	{
		int tmpversion = LDAP_VERSION_MAX;
		while(tmpversion > version)
		{
			if(ldap_set_option (my_ldap_fp,
					       LDAP_OPT_PROTOCOL_VERSION,
					       &tmpversion) == LDAP_SUCCESS)
				break;
			tmpversion--;
		}
		version = tmpversion;
	}
	
#if HAVE_LDAP_TLS
	if (my_ldap.tls && enable_tls_on(my_ldap_fp))
	{

Return to bug 55095

Lines 676-706 Link Here

(-)courier-imap-3.0.2/authlib/authldaplib.c (-25 / +32 lines)
676	*/	676	*/
677	static int enable_tls_on(LDAP *conn) {	677	static int enable_tls_on(LDAP *conn) {
678	#if HAVE_LDAP_TLS	678	#if HAVE_LDAP_TLS
679	int version;
680	int ldrc;	679	int ldrc;
681		680
682	if (ldaperror(ldrc=ldap_get_option (conn,
683	LDAP_OPT_PROTOCOL_VERSION,
684	&version))
685	!= LDAP_SUCCESS)
686	{
687	const char *s=ldap_err2string(ldrc);
688
689	#if HAVE_SYSLOG_H
690	syslog(LOG_DAEMON\|LOG_CRIT,
691	"ldap_get_option failed: %s", s);
692	#endif
693	return (-1);
694	}
695
696	if (version < LDAP_VERSION3)
697	{
698	version = LDAP_VERSION3;
699	(void)ldap_set_option (conn,
700	LDAP_OPT_PROTOCOL_VERSION,
701	&version);
702	}
703
704	if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL))	681	if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL))
705	!= LDAP_SUCCESS)	682	!= LDAP_SUCCESS)
706	{	683	{
Lines 754-761 Link Here
754		731
755	static int ldapopen()	732	static int ldapopen()
756	{	733	{
757	int ldrc;	734	int ldrc;
758		735	int version;
		736
759	if (my_ldap_fp) return (0);	737	if (my_ldap_fp) return (0);
760		738
761	if (authldap_read_config(&my_ldap) == 0)	739	if (authldap_read_config(&my_ldap) == 0)
Lines 767-773 Link Here
767	{	745	{
768	return (1);	746	return (1);
769	}	747	}
		748
		749	// attempt to upgrade the protocol version as high as we can.
		750	// We might want to add a config option like LDAP_PROTO_VERSION
		751	// and try to set to that if set, or else run this.
		752	if (ldaperror(ldrc=ldap_get_option (my_ldap_fp,
		753	LDAP_OPT_PROTOCOL_VERSION,
		754	&version))
		755	!= LDAP_SUCCESS)
		756	{
		757	const char *s=ldap_err2string(ldrc);
770		758
		759	#if HAVE_SYSLOG_H
		760	syslog(LOG_DAEMON\|LOG_CRIT,
		761	"ldap_get_option failed: %s", s);
		762	#endif
		763	}
		764	else
		765	{
		766	int tmpversion = LDAP_VERSION_MAX;
		767	while(tmpversion > version)
		768	{
		769	if(ldap_set_option (my_ldap_fp,
		770	LDAP_OPT_PROTOCOL_VERSION,
		771	&tmpversion) == LDAP_SUCCESS)
		772	break;
		773	tmpversion--;
		774	}
		775	version = tmpversion;
		776	}
		777
771	#if HAVE_LDAP_TLS	778	#if HAVE_LDAP_TLS
772	if (my_ldap.tls && enable_tls_on(my_ldap_fp))	779	if (my_ldap.tls && enable_tls_on(my_ldap_fp))
773	{	780	{