From 2dd5d86c44231e570a62277f92e08d1fb741841f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 21 Oct 2015 09:58:28 +0200
Subject: Always load default verify locations too when using cert validation. Also quit when initial connect fails in SSL mode.
---
 server.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'server.c')
diff --git a/server.c b/server.c
index c4f8eb9..3d02eb4 100644
--- a/server.c
+++ b/server.c
@@ -20,6 +20,7 @@
 #define MAX_SERVERS 10
 static server_t *servers = NULL;
 static int serverCount = 0;
+static BOOL connectionInitDone = FALSE;
 static void server_init();
 static server_t *server_create(const char *server);
@@ -88,6 +89,7 @@ void server_setCaBundle(const char *server, const char *file)
 {
 server_t *entry = server_create(server);
 if (entry == NULL) return;
+ if (file == NULL || *file == '\0') return;
 int fh = open(file, O_RDONLY);
 if (fh == -1) {
 printf("Error: cabundle '%s' not readable.\n", file);
@@ -171,6 +173,7 @@ BOOL server_initServers()
 if (!server_ensureConnected(&servers[i]))
 return FALSE;
 }
+ connectionInitDone = TRUE;
 return TRUE;
 }
@@ -496,7 +499,9 @@ static BOOL server_ensureConnected(server_t *server)
 printf("[Server] Creating socket for shared connection failed.\n");
 return FALSE;
 }
- helper_nonblock(sock);
+ if (connectionInitDone) {
+ helper_nonblock(sock);
+ }
 con->fd = sock;
 con->callback = &server_callback;
 if (ePoll_add(EPOLLIN | EPOLLOUT | EPOLLET, (epoll_item_t*)con) == -1) {
@@ -512,6 +517,9 @@ static BOOL server_ensureConnected(server_t *server)
 con->fd = -1;
 return FALSE;
 }
+ if (!connectionInitDone) {
+ helper_nonblock(sock);
+ }
 // Now bind - TODO: SASL (DIGEST-MD5?)
 const size_t bodyLen = fmt_ldapbindrequest(NULL, 3, server->bind, server->password);
 const size_t headerLen = fmt_ldapmessage(NULL, MSGID_BIND, BindRequest, bodyLen);
--
cgit v1.2.3-55-g7522
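Review bot: The new early return in `server_setCaBundle` for a NULL or empty `file` is silent and comes after `server_create(server)` has already run, so a `cabundle` key that is present but empty leaves a server entry with no CA bundle and no log line. Whether certificate validation is still enforced for that entry depends on code outside this diff (the page is limited to server.c), so the intent should be stated at the return, e.g. `// no bundle configured: validation falls back to the default verify locations`, if that is indeed what the SSL setup does. Printing a notice in the empty-string case would distinguish a deliberate omission from a configuration mistake. The function body continues past the end of the hunk.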
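Review bot: While `connectionInitDone` is still FALSE, the socket created above the hunk at -496 stays blocking through the connect step that lies between this hunk and the one at -512, and nothing visible here bounds how long that step can take. A server that never answers could hold up `server_initServers()` for the full kernel connect timeout per server; if no timeout is set elsewhere, consider one on the blocking path, e.g. `setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);` before connecting. The socket is also registered with `EPOLLET` while still blocking, which is only safe if the event loop cannot dispatch `server_callback` before the second `helper_nonblock(sock)` runs; a comment stating that assumption would help. The body of `server_ensureConnected` starts and ends outside the hunk.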
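Review bot: The deferred `helper_nonblock(sock)` in the hunk at -512 is the only call that returns the init-time socket to non-blocking mode, and its outcome is not checked. If `helper_nonblock` can fail (its definition is not in this diff), the descriptor would stay blocking while registered edge-triggered, and a later read or write from the callback could stall the whole event loop. If it does report failure, mirror the error path just above it (`con->fd = -1; return FALSE;`). A short comment such as `// initial connect is done blocking so a failure aborts startup; switch to non-blocking now` would also explain why the call appears in two places.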