Blame SOURCES/pam_pkcs11-default-ssl.patch
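--- a/src/mappers/ldap_mapper.c
+++ b/src/mappers/ldap_mapper.c
@@ -822,13 +822,15 @@ static int read_config(scconf_block *blk
 ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
 searchtimeout = scconf_get_int(blk,"searchtimeout",searchtimeout);
 
- ssltls = scconf_get_str(blk,"ssl","off");
+ ssltls = scconf_get_str(blk,"ssl","default");
 if (! strncasecmp (ssltls, "tls", 3))
 ssl_on = SSL_START_TLS;
 else if( ! strncasecmp (ssltls, "on", 2))
 ssl_on = SSL_LDAPS;
 else if( ! strncasecmp (ssltls, "ssl", 3))
 ssl_on = SSL_LDAPS;
+ else if ( ! strncasecmp (ssltls, "default", 7) && (ldapport == 636))
+ ssl_on = SSL_LDAPS; /* if we didn't set the ssl variable, and the port is the ssl port, turn on ssl */
 
 #if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
 /* TLS specific options */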
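Review bot: With the new `"default"` value, the added branch turns on LDAPS only when `ldapport == 636`, so any other port, and any unrecognised `ssl` string, still falls through with `ssl_on` unchanged and no diagnostic; if its initial value is the no-TLS setting (not visible in this hunk), the directory lookup that maps a certificate to a login runs in cleartext without the administrator being told. I would add a final branch that logs this, e.g. `else if (strncasecmp(ssltls, "off", 3)) DBG1("ssl=%s: LDAP connection will not use TLS", ssltls);`, and extend the comment to say that `"default"` on a port other than 636 leaves TLS off. The comparison also relies on `ldapport` having been read from the configuration before this line, and it would not cover a port carried in a URI setting; neither is shown in this hunk. read_config starts and ends outside the hunk.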