From c2c4f641e91c8a0f84948b9eabd70d3d97ee25a8 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Fri, 6 Jun 2008 18:22:08 +0000
Subject: check that all URLs start with https:// if "ssl on" is specified

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@750 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 nslcd/cfg.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 1b0b198..ecfba06 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -878,6 +878,7 @@ static void cfg_read(const char *filename,struct ldap_config *cfg)
 
 void cfg_init(const char *fname)
 {
+  int i;
   /* check if we were called before */
   if (nslcd_cfg!=NULL)
   {
@@ -901,4 +902,15 @@ void cfg_init(const char *fname)
     log_log(LOG_ERR,"no URIs defined in config");
     exit(EXIT_FAILURE);
   }
+  /* if ssl is on each URI should start with https */
+  if (nslcd_cfg->ldc_ssl_on==SSL_LDAPS)
+  {
+    for (i=0;nslcd_cfg->ldc_uris[i].uri!=NULL;i++)
+    {
+      if (strncasecmp(nslcd_cfg->ldc_uris[i].uri,"https://",8)!=0)
+        log_log(LOG_WARNING,"%s doesn't start with https:// and \"ssl on\" is specified",
+                            nslcd_cfg->ldc_uris[i].uri);
+    }
+  }
+  /* TODO: check that if some tls options are set the ssl option should be set to on (just warn) */
 }
-- 
cgit v1.2.3