@@ -8,32 +8,30 @@ Closes #19830
88Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
99Upstream-reference: AI Backport of https://github.com/curl/curl/commit/39d1976b7f709a516e324333.patch
1010---
11- Utilities/cmcurl/lib/ldap.c | 35 +++++++++++++++++++++ --------------
12- 1 file changed, 21 insertions(+), 14 deletions(-)
11+ Utilities/cmcurl/lib/ldap.c | 49 ++++++++++++++--------- --------------
12+ 1 file changed, 19 insertions(+), 30 deletions(-)
1313
1414diff --git a/Utilities/cmcurl/lib/ldap.c b/Utilities/cmcurl/lib/ldap.c
15- index 678b4d5a..7c0f69c1 100644
15+ index 678b4d5a..b664e991 100644
1616--- a/Utilities/cmcurl/lib/ldap.c
1717+++ b/Utilities/cmcurl/lib/ldap.c
18- @@ -364,16 +364,31 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
18+ @@ -364,16 +364,29 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
1919 passwd = conn->passwd;
2020 }
2121
22- + #if defined( USE_WIN32_LDAP)
22+ + #ifdef USE_WIN32_LDAP
2323+ if(ldap_ssl)
2424+ server = ldap_sslinit(host, conn->primary.remote_port, 1);
2525+ else
26- + server = ldap_init(host, conn->primary.remote_port);
2726+ #else
28- + server = ldap_init(host, conn->primary.remote_port);
27+ + server = ldap_init(host, conn->primary.remote_port);
2928+ #endif
3029+ if(!server) {
31- + failf(data, "LDAP local: Cannot connect to %s:%u",
30+ + failf(data, "LDAP: cannot setup connect to %s:%u",
3231+ conn->host.dispname, conn->primary.remote_port);
3332+ result = CURLE_COULDNT_CONNECT;
3433+ goto quit;
3534+ }
36- +
3735+
3836 #ifdef LDAP_OPT_NETWORK_TIMEOUT
3937- ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
@@ -50,7 +48,7 @@ index 678b4d5a..7c0f69c1 100644
5048 ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
5149 #else
5250 int ldap_option;
53- @@ -441,7 +456 ,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
51+ @@ -441,7 +454 ,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
5452 goto quit;
5553 }
5654 infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca);
@@ -59,7 +57,7 @@ index 678b4d5a..7c0f69c1 100644
5957 if(rc != LDAP_SUCCESS) {
6058 failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
6159 ldap_err2string(rc));
62- @@ -453,7 +468,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
60+ @@ -453,20 +466,13 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
6361 else
6462 ldap_option = LDAP_OPT_X_TLS_NEVER;
6563
@@ -68,7 +66,36 @@ index 678b4d5a..7c0f69c1 100644
6866 if(rc != LDAP_SUCCESS) {
6967 failf(data, "LDAP local: ERROR setting cert verify mode: %s",
7068 ldap_err2string(rc));
71- @@ -502,15 +517,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
69+ result = CURLE_SSL_CERTPROBLEM;
70+ goto quit;
71+ }
72+ - server = ldap_init(host, conn->primary.remote_port);
73+ - if(!server) {
74+ - failf(data, "LDAP local: Cannot connect to %s:%u",
75+ - conn->host.dispname, conn->primary.remote_port);
76+ - result = CURLE_COULDNT_CONNECT;
77+ - goto quit;
78+ - }
79+ ldap_option = LDAP_OPT_X_TLS_HARD;
80+ rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
81+ if(rc != LDAP_SUCCESS) {
82+ @@ -475,15 +481,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
83+ result = CURLE_SSL_CERTPROBLEM;
84+ goto quit;
85+ }
86+ - /*
87+ - rc = ldap_start_tls_s(server, NULL, NULL);
88+ - if(rc != LDAP_SUCCESS) {
89+ - failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
90+ - ldap_err2string(rc));
91+ - result = CURLE_SSL_CERTPROBLEM;
92+ - goto quit;
93+ - }
94+ - */
95+ #else
96+ (void)ldap_option;
97+ (void)ldap_ca;
98+ @@ -502,15 +499,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
7299 result = CURLE_NOT_BUILT_IN;
73100 goto quit;
74101 }
@@ -81,7 +108,7 @@ index 678b4d5a..7c0f69c1 100644
81108- goto quit;
82109- }
83110- }
84- +
111+ +
85112 #ifdef USE_WIN32_LDAP
86113 ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
87114 rc = ldap_win_bind(data, server, user, passwd);
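Review bot: In the connect block this patch adds to `ldap_do`, the `else` under `#ifdef USE_WIN32_LDAP` is now followed directly by `#else`, so in a USE_WIN32_LDAP build it has no statement of its own and binds to the `if(!server)` check after `#endif`. As rendered here, that build would never call `ldap_init()` for a non-SSL connection, and a NULL return from `ldap_sslinit()` would skip the error path and reach the later `ldap_set_option(server, ...)` calls. The previous revision of the patch had `server = ldap_init(host, conn->primary.remote_port);` after that `else`; either restore it or close the conditional there with `#endif` so a single `ldap_init()` line serves both builds. Indentation is lost in this rendering and `ldap_do` starts and ends outside the hunk, so this should be confirmed against the applied file, ideally with a compile that defines USE_WIN32_LDAP.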