summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-txt/ChangeLog4
-rw-r--r--src/src/lookups/ldap.c7
2 files changed, 10 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3a75ce0d6..b41783d71 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -65,6 +65,10 @@ TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
comma-sep list; embedded commas doubled.
+PP/15 LDAP: Check for errors of TLS initialisation, to give correct
+ diagnostics.
+ Report and patch from Dmitry Banschikov.
+
Exim version 4.77
-----------------
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 698928a6a..5c1ea0b56 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -523,7 +523,12 @@ if (!lcp->bound ||
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
if (eldap_start_tls)
{
- ldap_start_tls_s(lcp->ld, NULL, NULL);
+ if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
+ *errmsg = string_sprintf("failed to initiate TLS processing on an "
+ "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+ " %s", host, porttext, rc, ldap_err2string(rc));
+ goto RETURN_ERROR;
+ }
}
#endif
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))