From patchwork Tue Jan 8 17:27:59 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [06/13] libnsdb: nsdb_start_tls() should always get a certfile argument Date: Tue, 08 Jan 2013 07:27:59 -0000 From: Chuck Lever X-Patchwork-Id: 210453 Message-Id: <20130108172758.65133.3394.stgit@seurat.1015granger.net> To: fedfs-utils-devel@oss.oracle.com nsdb_start_tls() is called only when FEDFS_SEC_TLS is set for an NSDB. It doesn't make sense to return success if no certfile is passed to it: it should be a failure, since the connection to the NSDB is not secured if there is no certificate to use. Signed-off-by: Chuck Lever --- src/libnsdb/ldap.c | 8 ++------ 1 files changed, 2 insertions(+), 6 deletions(-) diff --git a/src/libnsdb/ldap.c b/src/libnsdb/ldap.c index 5436a1e..5916c19 100644 --- a/src/libnsdb/ldap.c +++ b/src/libnsdb/ldap.c @@ -564,10 +564,6 @@ nsdb_bind(LDAP *ld, const char *binddn, const char *passwd, * @param certfile NUL-terminated C string containing pathname of X.509 cert file * @param ldap_err OUT: possibly an LDAP error code * @return a FedFsStatus code - * - * If "certfile" is not NULL, then the certfile contents are used to - * authenticate the server, and TLS must be started and operating - * before this function returns true. */ FedFsStatus nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err) @@ -575,9 +571,9 @@ nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err) int value, rc; char *uri; - /* Nothing to do if no certfile was provided */ if (certfile == NULL) - return FEDFS_OK; + return FEDFS_ERR_INVAL; + xlog(D_CALL, "%s: Using certfile %s", __func__, certfile); rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, certfile); if (rc != LDAP_OPT_SUCCESS) {
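Review bot: the first hunk (@@ -564,10 +564,6) deletes the only sentence that documented the certfile contract without replacing it, so after this patch the comment block no longer says that certfile must be non-NULL or that FEDFS_ERR_INVAL is returned when it is. The removed text was wrong for a FedFsStatus function anyway ("before this function returns true"), so dropping it is fine, but add a replacement after the @return line, for example " * certfile must not be NULL; FEDFS_ERR_INVAL is returned if it is.", and consider marking the @param certfile line as required. The removed sentence also promised that TLS is started and operating before the function returns; if that guarantee still holds, it is the security-relevant property of this function and should stay in the documentation rather than disappear with the NULL case.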
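Review bot: the early "return FEDFS_ERR_INVAL;" in the second hunk (@@ -575,9 +571,9) leaves the ldap_err OUT parameter untouched, so a caller that reads *ldap_err after any non-FEDFS_OK status gets whatever was there before; that is consistent with the "possibly an LDAP error code" wording in the comment block, but a one-line comment at the return site ("not an LDAP error; *ldap_err is not set") or an explicit initialization would make the contract unambiguous. FEDFS_ERR_INVAL is also a generic invalid-argument code, so a caller cannot distinguish "no certificate file configured" from other argument errors, and the new xlog(D_CALL, ...) line fires only on the path where a certfile was supplied; logging on the failure path as well would help an operator who now sees a TLS-required NSDB connection refused. Since the commit message says this function is only reached when FEDFS_SEC_TLS is set, every such caller that previously passed a NULL certfile now fails instead of silently proceeding without TLS, so the callers should be checked to either always supply a certfile or handle FEDFS_ERR_INVAL.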