===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/ldap.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -c -r1.6 -r1.7
*** src/usr.bin/sudo/Attic/ldap.c 2008/01/07 14:10:08 1.6
--- src/usr.bin/sudo/Attic/ldap.c 2008/01/21 19:44:29 1.7
***************
*** 61,72 ****
  # include
  #endif
  #include
  #include "sudo.h"
  #include "parse.h"
  #ifndef lint
! __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.32 2008/01/05 23:27:10 millert Exp $";
  #endif /* lint */
  #ifndef LINE_MAX
--- 61,77 ----
  # include
  #endif
  #include
+ #if defined(HAVE_LDAP_SSL_H)
+ # include
+ #elif defined(HAVE_MPS_LDAP_SSL_H)
+ # include
+ #endif
  #include "sudo.h"
  #include "parse.h"
  #ifndef lint
! __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.36 2008/01/21 16:08:26 millert Exp $";
  #endif /* lint */
  #ifndef LINE_MAX
***************
*** 136,141 ****
--- 141,148 ----
  #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
  { "tls_checkpeer", CONF_BOOL, FALSE, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_conf.tls_checkpeer },
+ #else
+ { "tls_checkpeer", CONF_BOOL, FALSE, -1, &ldap_conf.tls_checkpeer },
  #endif
  #ifdef LDAP_OPT_X_TLS_CACERTFILE
  { "tls_cacertfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE,
***************
*** 810,820 ****
  * Interpret SSL option */
  if (ldap_conf.ssl != NULL) {
! if (strcasecmp(ldap_conf.ssl, "start_tls") == 0)
! ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS;
! else if (_atobool(ldap_conf.ssl))
! ldap_conf.ssl_mode = SUDO_LDAP_SSL;
  }
  #ifndef HAVE_LDAP_INITIALIZE
  /* Convert uri list to host list if no ldap_initialize(). */
--- 817,834 ----
  * Interpret SSL option */
  if (ldap_conf.ssl != NULL) {
! if (strcasecmp(ldap_conf.ssl, "start_tls") == 0)
! ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS;
! else if (_atobool(ldap_conf.ssl))
! ldap_conf.ssl_mode = SUDO_LDAP_SSL;
  }
+ 
+ #if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+ if (ldap_conf.tls_checkpeer != -1) {
+ ldapssl_set_strength(NULL,
+ ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK);
+ }
+ #endif
  #ifndef HAVE_LDAP_INITIALIZE
  /* Convert uri list to host list if no ldap_initialize(). */
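Review bot: The return value of ldapssl_set_strength() is dropped in the new block of the third hunk, so if the SDK rejects the request while tls_checkpeer is on, certificate verification silently stays at the library default instead of LDAPSSL_AUTH_CERT; check it, e.g. `if (ldapssl_set_strength(NULL, ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK) != 0) warningx("unable to set LDAP SSL strength");`. The `!= -1` test here and the `-1` option value in the second hunk's fallback table entry assume ldap_conf.tls_checkpeer is set to -1 before the config file is read; that initialization is not in this diff, and a zero-initialized field would make an absent tls_checkpeer line select LDAPSSL_AUTH_WEAK. A comment above the check such as `/* -1: tls_checkpeer not given in ldap.conf, leave the SDK default alone */` would make that contract explicit. The enclosing function starts and ends outside the hunk.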