From: Phil Pennock
Date: Thu, 3 May 2012 10:21:31 +0000 (-0700)
Subject: LDAP: Check for errors of TLS initialisation
X-Git-Tag: exim-4_80_RC1~42
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/e74376d84aa63876c9a3b240513b8f38920733b7
LDAP: Check for errors of TLS initialisation
Report and patch from Dmitry Banschikov.
---
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3a75ce0d6..b41783d71 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -65,6 +65,10 @@ TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a comma-sep list; embedded commas doubled.
+PP/15 LDAP: Check for errors of TLS initialisation, to give correct
+ diagnostics.
+ Report and patch from Dmitry Banschikov.
+
Exim version 4.77 -----------------
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 698928a6a..5c1ea0b56 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -523,7 +523,12 @@ if (!lcp->bound ||
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
if (eldap_start_tls)
{
- ldap_start_tls_s(lcp->ld, NULL, NULL);
+ if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
+ *errmsg = string_sprintf("failed to initiate TLS processing on an "
+ "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+ " %s", host, porttext, rc, ldap_err2string(rc));
+ goto RETURN_ERROR;
+ }
}
#endif
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
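Review bot: The new failure check in the src/src/lookups/ldap.c hunk runs every time this bind block is entered, and the block is guarded by `if (!lcp->bound || …`, whose remaining conditions lie outside the hunk. If that guard can be true for a connection handle on which TLS was already negotiated, the repeated `ldap_start_tls_s()` call will most likely return an error, and the lookup now aborts where the old code ignored it. Failing closed is the right behaviour, since the `LDAP_AUTH_SIMPLE` bind that follows would otherwise send the password over an unencrypted session, so the remedy is to skip the repeated call rather than relax the check: `if (eldap_start_tls && !lcp->tls_started)`, where `tls_started` is a placeholder name for a new per-connection flag set once the call returns `LDAP_SUCCESS`. A comment such as `/* Abort before the simple bind: never send credentials if StartTLS failed */` would record why the error is fatal, which the ChangeLog entry's "correct diagnostics" wording does not convey.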