Alex Henrie : wldap32: Skip over the TLS certificate check if not using TLS. - wine-commits

4 Apr 2023

Module: wine
Branch: master
Commit: 12b5da66e9b7ead4e0f09b5880988e7a4a78610e
URL:    https://gitlab.winehq.org/wine/wine/-/commit/12b5da66e9b7ead4e0f09b5880988e7...
Author: Alex Henrie alexhenrie24@gmail.com
Date:   Mon Apr  3 23:42:27 2023 -0600
wldap32: Skip over the TLS certificate check if not using TLS.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=54772
---
dlls/wldap32/init.c        | 20 ++++++++++----------
 dlls/wldap32/tests/parse.c |  2 ++
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/dlls/wldap32/init.c b/dlls/wldap32/init.c
index e68782add8d..f1fd33cd34e 100644
--- a/dlls/wldap32/init.c
+++ b/dlls/wldap32/init.c
@@ -271,17 +271,17 @@ ULONG CDECL WLDAP32_ldap_connect( LDAP *ld, struct l_timeval *timeout )
         if ((ret = ldap_get_option( CTX(ld), LDAP_OPT_X_TLS_SSL_CTX, &tls_context )))
             return map_error( ret );
-        if (QueryContextAttributesA( tls_context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &cert ) != SEC_E_OK)
-            return WLDAP32_LDAP_SERVER_DOWN;
-
-        if (cert_callback( ld, &cert ))
-        {
-            TRACE( "accepted\n" );
-        }
-        else
+        if (QueryContextAttributesA( tls_context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &cert ) == SEC_E_OK)
         {
-            WARN( "rejected\n" );
-            return WLDAP32_LDAP_SERVER_DOWN;
+            if (cert_callback( ld, &cert ))
+            {
+                TRACE( "accepted\n" );
+            }
+            else
+            {
+                WARN( "rejected\n" );
+                return WLDAP32_LDAP_SERVER_DOWN;
+            }
         }
     }
diff --git a/dlls/wldap32/tests/parse.c b/dlls/wldap32/tests/parse.c
index 15a24716305..995297cce10 100644
--- a/dlls/wldap32/tests/parse.c
+++ b/dlls/wldap32/tests/parse.c
@@ -586,6 +586,8 @@ static void test_opt_server_certificate(void)
     ok( !ret, "ldap_set_optionA should succeed, got %#lx\n", ret );
     ret = ldap_set_optionA( ld, LDAP_OPT_SERVER_CERTIFICATE, &verify_certificate );
     ok( !ret, "ldap_set_optionA should succeed, got %#lx\n", ret );
+    ret = ldap_connect( ld, NULL );
+    ok( !ret, "ldap_connect should succeed, got %#lx\n", ret );
     ret = ldap_start_tls_sA( ld, NULL, NULL, NULL, NULL );
     ok( ret == LDAP_LOCAL_ERROR, "ldap_start_tls_sA should fail, got %#lx\n", ret );
     ldap_unbind( ld );

    