author | Jonathan Matthew <jmatthew@cvs.openbsd.org> | 2016-05-01 00:32:38 +0000 |
---|---|---|
committer | Jonathan Matthew <jmatthew@cvs.openbsd.org> | 2016-05-01 00:32:38 +0000 |
commit | 344e69804391bf056890fd0fd4c077645230f565 (patch) | |
tree | 5171ee19b2630895ee269bad7a2f3042d037ddf4 /usr.sbin/ldapd/ldape.c | |
parent | f92aaf9e63830deb6f727004e6d0e1eba5d420de (diff) |
convert ldapd to use the libtls api, bringing in a copy of the evbuffer_tls
code from syslogd.
ok beck@ benno@
Diffstat (limited to 'usr.sbin/ldapd/ldape.c')
-rw-r--r-- | usr.sbin/ldapd/ldape.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/usr.sbin/ldapd/ldape.c b/usr.sbin/ldapd/ldape.c
index bb681a336dc..36559e1954b 100644
--- a/usr.sbin/ldapd/ldape.c
+++ b/usr.sbin/ldapd/ldape.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldape.c,v 1.23 2015/12/24 17:47:57 mmcc Exp $ */
+/* $OpenBSD: ldape.c,v 1.24 2016/05/01 00:32:37 jmatthew Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -341,6 +341,7 @@ ldape(struct passwd *pw, char *csockpath, int pipe_parent2ldap[2])
 struct event ev_sigterm;
 struct event ev_sigchld;
 struct event ev_sighup;
+ struct ssl key;
 char host[128];
 mode_t old_umask = 0;
@@ -424,7 +425,24 @@ ldape(struct passwd *pw, char *csockpath, int pipe_parent2ldap[2])
 event_add(&l->ev, NULL);
 evtimer_set(&l->evt, conn_accept, l);
- ssl_setup(conf, l);
+ if (l->flags & F_SSL) {
+ if (strlcpy(key.ssl_name, l->ssl_cert_name,
+ sizeof(key.ssl_name)) >= sizeof(key.ssl_name))
+ fatal("ldape: certificate name truncated");
+
+ l->ssl = SPLAY_FIND(ssltree, conf->sc_ssl, &key);
+ if (l->ssl == NULL)
+ fatal("ldape: certificate tree corrupted");
+
+ l->tls = tls_server();
+ if (l->tls == NULL)
+ fatal("ldape: couldn't allocate tls context");
+
+ if (tls_configure(l->tls, l->ssl->config)) {
+ log_warn("ldape: %s", tls_error(l->tls));
+ fatal("ldape: couldn't configure tls");
+ }
+ }
 }
 TAILQ_FOREACH(ns, &conf->namespaces, next) { |
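Review bot: In the last hunk, the `F_SSL` block that replaces `ssl_setup(conf, l)` reports failures that do not set errno through `fatal()` and `log_warn()`. Assuming ldapd's log.c follows the usual OpenBSD convention of appending strerror(errno) in those two functions, an operator debugging a broken certificate setup will see an unrelated errno string next to the real cause. The truncated-name and `SPLAY_FIND` cases would read better as `fatalx("ldape: certificate name truncated")` and `fatalx("ldape: certificate tree corrupted")`, and the libtls message as `log_warnx("ldape: %s", tls_error(l->tls));`. Aborting when `tls_configure()` fails is the right behaviour here, since the listener never comes up without TLS, and it should stay. The listener loop and `ldape()` itself start and end outside the hunk.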