[git] GnuPG - branch, master, updated. gnupg-2.1.15-182-g8d37018

by Justus Winter cvs at cvs.gnupg.org
Fri Sep 30 11:02:22 CEST 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8d37018050373a47566bf8ea0d894da20ed292c7 (commit)
      from  33800280da55a859e08dfa57f29144c89dd1bead (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8d37018050373a47566bf8ea0d894da20ed292c7
Author: Justus Winter <justus at g10code.com>
Date:   Fri Sep 30 10:57:32 2016 +0200

    w32: Fix STARTTLS on LDAP connections.
    
    * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
    <winldap.h>.
    
    GnuPG-bug-id: 1338
    Debian-bug-id: 623526
    Fixes-commit: 9e6f8a55
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 9b9efc7..baed6cd 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -519,6 +519,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
       /* XXX: We need an option to determine whether to abort if the
 	 certificate is bad or not.  Right now we conservatively
 	 default to checking the certificate and aborting.  */
+#ifndef HAVE_W32_SYSTEM
       int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
 
       err = ldap_set_option (ldap_conn,
@@ -528,8 +529,21 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 	  log_error ("Failed to set TLS option on LDAP connection.\n");
 	  goto out;
 	}
+#else
+      /* On Windows, the certificates are checked by default.  If the
+	 option to disable checking mentioned above is ever
+	 implemented, the way to do that on Windows is to install a
+	 callback routine using ldap_set_option (..,
+	 LDAP_OPT_SERVER_CERTIFICATE, ..); */
+#endif
 
-      err = ldap_start_tls_s (ldap_conn, NULL, NULL);
+      err = ldap_start_tls_s (ldap_conn,
+#ifdef HAVE_W32_SYSTEM
+			      /* ServerReturnValue, result */
+			      NULL, NULL,
+#endif
+			      /* ServerControls, ClientControls */
+			      NULL, NULL);
       if (err)
 	{
 	  log_error ("Failed to connect to LDAP server with TLS.\n");

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/ks-engine-ldap.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list