--- apr-util-1.3.9/ldap/apr_ldap_init.c.dist Fri May 30 16:30:07 2008
+++ apr-util-1.3.9/ldap/apr_ldap_init.c.dist Tue Aug 3 18:01:01 2010
@@ -149,28 +149,31 @@
 const char *hostname,
 int portno,
 int secure,
 apr_ldap_err_t **result_err)
 {
 apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
 *result_err = result;
 #if APR_HAS_LDAPSSL_INIT
- *ldap = ldapssl_init(hostname, portno, 0);
+ *ldap = ldapssl_init(hostname, portno, secure == APR_LDAP_SSL);
 #elif APR_HAS_LDAP_SSLINIT
- *ldap = ldap_sslinit((char *)hostname, portno, 0);
+ *ldap = ldap_sslinit((char *)hostname, portno, secure == APR_LDAP_SSL);
 #else
 *ldap = ldap_init((char *)hostname, portno);
 #endif
 if (*ldap != NULL) {
- return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
+ if (secure != APR_LDAP_SSL)
+ return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
+ else
+ return APR_SUCCESS;
 }
 else {
 /* handle the error case */
 apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
 *result_err = result;
 result->reason = "APR LDAP: Unable to initialize the LDAP connection";
 result->rc = -1;
 return APR_EGENERAL;
 }
--- httpd-2.2.14/modules/ldap/util_ldap.c.dist Tue Aug 3 17:27:35 2010
+++ httpd-2.2.14/modules/ldap/util_ldap.c.dist Tue Aug 3 17:31:27 2010
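Review bot: The new early `return APR_SUCCESS;` for `secure == APR_LDAP_SSL` is reached under all three preprocessor branches, but only the APR_HAS_LDAPSSL_INIT and APR_HAS_LDAP_SSLINIT branches actually hand the secure flag to the SDK; under `#else` the `ldap_init()` call takes no such flag, and the removed `apr_ldap_set_option(..., APR_LDAP_OPT_TLS, ...)` call was, as far as this hunk shows, the only path that could enable SSL there. On a build where neither macro is set, a caller that asks for SSL would presumably get APR_SUCCESS back with a handle on which nothing has negotiated TLS — a silent downgrade rather than a reported error. The early return should be confined to the two branches that honour the flag, keeping the option call as the fallback for every other case, as sketched below. The function's parameter list begins before the hunk and its closing brace lies outside it; only the `if (*ldap != NULL)` block is affected.
```c
    if (*ldap != NULL) {
#if APR_HAS_LDAPSSL_INIT || APR_HAS_LDAP_SSLINIT
        /* the SDK init call above already took the secure flag for SSL */
        if (secure == APR_LDAP_SSL)
            return APR_SUCCESS;
#endif
        return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
    }
    /* … unchanged: error branch … */
```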
@@ -211,31 +211,32 @@
 {
 int rc = 0, ldap_option = 0;
 int version = LDAP_VERSION3;
 apr_ldap_err_t *result = NULL;
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
 struct timeval timeOut = {10,0}; /* 10 second connection timeout */
 #endif
 util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(r->server->module_config, &ldap_module);
+ int have_client_certs = !apr_is_empty_array(ldc->client_certs);
 /* Since the host will include a port if the default port is not used,
 * always specify the default ports for the port parameter. This will
 * allow a host string that contains multiple hosts the ability to mix
 * some hosts with ports and some without. All hosts which do not
 * specify a port will use the default port. */
 apr_ldap_init(r->pool, &(ldc->ldap), ldc->host, APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
- APR_LDAP_NONE,
+ have_client_certs ? APR_LDAP_NONE : ldc->secure,
 &(result));
 if (NULL == result) {
 /* something really bad happened */
 ldc->bound = 0;
 if (NULL == ldc->reason) {
 ldc->reason = "LDAP: ldap initialization failed";
 }
 return(APR_EGENERAL);
@@ -254,32 +255,32 @@
 else {
 ldc->reason = result->reason;
 }
 return(result->rc);
 }
 /* always default to LDAP V3 */
 ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
 /* set client certificates */
- if (!apr_is_empty_array(ldc->client_certs)) {
+ if (!have_client_certs) {
 apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT, ldc->client_certs, &(result));
 if (LDAP_SUCCESS != result->rc) {
 uldap_connection_unbind( ldc );
 ldc->reason = result->reason;
 return(result->rc);
 }
 }
 /* switch on SSL/TLS */
- if (APR_LDAP_NONE != ldc->secure) {
+ if (have_client_certs && APR_LDAP_NONE != ldc->secure) {
 apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS, &ldc->secure, &(result));
 if (LDAP_SUCCESS != result->rc) {
 uldap_connection_unbind( ldc );
 ldc->reason = result->reason;
 return(result->rc);
 }
 }
 /* Set the alias dereferencing option */
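Review bot: The client-certificate condition in the `@@ -254` hunk is inverted: `have_client_certs` is introduced in the `@@ -211` hunk as `!apr_is_empty_array(ldc->client_certs)`, so the original `if (!apr_is_empty_array(ldc->client_certs))` translates to `if (have_client_certs)`, not `if (!have_client_certs)`. As written, APR_LDAP_OPT_TLS_CERT is applied with an empty (or null) array when no certificates are configured and skipped when they are, so a connection that depends on client certificates would presumably be brought up without them, while the following `have_client_certs && APR_LDAP_NONE != ldc->secure` test still switches TLS on for exactly that case. Change the line to `if (have_client_certs) {`. The enclosing function begins in the `@@ -211` hunk and continues past the end of this one.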