author | Omar Polo <op@omarpolo.com> | 2024-02-28 09:25:16 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2024-02-28 09:25:16 +0000 |
commit | 86f2f1927743257674d29d4fed250bdce5d1c0b5 (patch) | |
tree | 20ba029d3453bc450b28190c2343fa4b20941ba2 | |
parent | table-ldap: add ldaps support (diff) | |
Even if unlikely, it's better not to stomp on another library's
namespace. Furthermore, there's only one place where we need to do
the handshake.
(actually, the handshake could be entirely removed since libtls
does it implicitly and we don't seem to care about having done the
handshake otherwise -- e.g. for checking the remote certificate
before sending queries.)
-rw-r--r-- | extras/tables/table-ldap/aldap.c | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/extras/tables/table-ldap/aldap.c b/extras/tables/table-ldap/aldap.c
index fca8abc..dfb2690 100644
--- a/extras/tables/table-ldap/aldap.c
+++ b/extras/tables/table-ldap/aldap.c
@@ -97,19 +97,11 @@ aldap_init(int fd)
 return a;
 }
 
-static int
-tls_handshake_wrapper(struct tls *ctx)
-{
- int ret;
- do {
- ret = tls_handshake(ctx);
- } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT);
- return ret;
-}
-
 int
 aldap_tls(struct aldap *ldap, struct tls_config *cfg, const char *name)
 {
+ int ret;
+
 ldap->tls = tls_client();
 if (ldap->tls == NULL) {
 ldap->err = ALDAP_ERR_OPERATION_FAILED;
@@ -126,7 +118,10 @@ aldap_tls(struct aldap *ldap, struct tls_config *cfg, const char *name)
 return (-1);
 }
 
- if (tls_handshake_wrapper(ldap->tls) == -1) {
+ do {
+ ret = tls_handshake(ldap->tls);
+ } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT);
+ if (ret == -1) {
 ldap->err = ALDAP_ERR_TLS_ERROR;
 return (-1);
 } |
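Review bot: The retry loop inlined into aldap_tls() in the second hunk calls `tls_handshake(ldap->tls)` again immediately on TLS_WANT_POLLIN/TLS_WANT_POLLOUT without waiting on the descriptor, so if the socket is non-blocking (not visible in this hunk) a slow or stalled LDAP server keeps the process spinning at full CPU with no timeout. Waiting with poll() for the direction libtls asked for, with a bounded timeout, before each retry would close that gap. On the `ret == -1` path the cause is dropped; recording `tls_error(ldap->tls)` alongside ALDAP_ERR_TLS_ERROR would let an operator tell a certificate or name verification failure from a transport error. If the explicit handshake is kept, a comment such as `/* handshake now so certificate/name verification errors surface here, before any query is written */` would document why it is not left to the implicit path. The body of aldap_tls() starts and ends outside this hunk.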