authorminfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68>2005-01-05 17:47:42 +0000
committerminfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68>2005-01-05 17:47:42 +0000
commit5e338c525349e33775e24eb1e0caccd9798208a1 (patch)
tree68234a82858204121323cb954209f6860fd7ccc7
parent5c839e06c015fde282e16bdac4a957b0c6e35663 (diff)
Revert the STARTTLS fixes from the v1.0.x tree
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.0.x@124236 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--CHANGES3
-rw-r--r--aprutil.dsp4
-rw-r--r--include/apr_ldap.h.in4
-rw-r--r--include/apr_ldap.hnw2
-rw-r--r--include/apr_ldap.hw2
-rw-r--r--include/apr_ldap_option.h115
-rw-r--r--ldap/apr_ldap_init.c60
-rw-r--r--ldap/apr_ldap_option.c103
-rw-r--r--libaprutil.dsp4
9 files changed, 13 insertions, 284 deletions
diff --git a/CHANGES b/CHANGES
index 5ac50739..79405399 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,5 @@
Changes with APR-util 1.0.2
- *) Teach apr_ldap_init() how to handle STARTTLS in addition to the existing
- SSL support. Add apr_ldap_option API. [Graham Leggett]
-
*) Make install passed a shell expanded list of header files to the
build/install.sh script, which can only install one file at a time.
Changed to install one header file at a time. [Justin Erenkrantz,
diff --git a/aprutil.dsp b/aprutil.dsp
index a37635d0..c70b2120 100644
--- a/aprutil.dsp
+++ b/aprutil.dsp
@@ -211,10 +211,6 @@ SOURCE=.\ldap\apr_ldap_init.c
SOURCE=.\ldap\apr_ldap_url.c
# End Source File
-# Begin Source File
-
-SOURCE=.\ldap\apr_ldap_option.c
-# End Source File
# End Group
# Begin Group "misc"
diff --git a/include/apr_ldap.h.in b/include/apr_ldap.h.in
index ed3c4c87..0bead420 100644
--- a/include/apr_ldap.h.in
+++ b/include/apr_ldap.h.in
@@ -75,7 +75,9 @@
@lber_h@
@ldap_h@
+#if APR_HAS_LDAP_SSL
@ldap_ssl_h@
+#endif
/*
@@ -130,7 +132,7 @@ typedef struct apr_ldap_err_t {
#include "apr_ldap_url.h"
#include "apr_ldap_init.h"
-#include "apr_ldap_option.h"
+
/** @} */
#endif /* APR_HAS_LDAP */
diff --git a/include/apr_ldap.hnw b/include/apr_ldap.hnw
index 6a3c15fa..5a280114 100644
--- a/include/apr_ldap.hnw
+++ b/include/apr_ldap.hnw
@@ -132,7 +132,7 @@ typedef struct apr_ldap_err_t {
#include "apr_ldap_url.h"
#include "apr_ldap_init.h"
-#include "apr_ldap_option.h"
+
/** @} */
#endif /* APR_HAS_LDAP */
diff --git a/include/apr_ldap.hw b/include/apr_ldap.hw
index b70b4cdb..64cf055b 100644
--- a/include/apr_ldap.hw
+++ b/include/apr_ldap.hw
@@ -128,7 +128,7 @@ typedef struct apr_ldap_err_t {
#include "apr_ldap_url.h"
#include "apr_ldap_init.h"
-#include "apr_ldap_option.h"
+
/** @} */
#endif /* APR_HAS_LDAP */
diff --git a/include/apr_ldap_option.h b/include/apr_ldap_option.h
deleted file mode 100644
index a425e5d8..00000000
--- a/include/apr_ldap_option.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* Copyright 2000-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file apr_ldap_option.h
- * @brief APR-UTIL LDAP ldap_*_option() functions
- */
-#ifndef APR_LDAP_OPTION_H
-#define APR_LDAP_OPTION_H
-
-/**
- * @defgroup APR_Util_LDAP LDAP
- * @ingroup APR_Util
- * @{
- */
-
-#include "apr_ldap.h"
-
-#if APR_HAS_LDAP
-
-/*
- * The following defines handle the different TLS certificate
- * options available. If these options are missing, APR will try and
- * emulate support for this using the derecated ldap_start_tls_s()
- * function.
- */
-#ifdef LDAP_OPT_X_TLS_NEVER
-#define APR_LDAP_OPT_TLS_NEVER LDAP_OPT_X_TLS_NEVER
-#else
-#define APR_LDAP_OPT_TLS_NEVER 0
-#endif
-
-#ifdef LDAP_OPT_X_TLS_HARD
-#define APR_LDAP_OPT_TLS_HARD LDAP_OPT_X_TLS_HARD
-#else
-#define APR_LDAP_OPT_TLS_HARD 1
-#endif
-
-#ifdef LDAP_OPT_X_TLS_DEMAND
-#define APR_LDAP_OPT_TLS_DEMAND LDAP_OPT_X_TLS_DEMAND
-#else
-#define APR_LDAP_OPT_TLS_DEMAND 2
-#endif
-
-#ifdef LDAP_OPT_X_TLS_ALLOW
-#define APR_LDAP_OPT_TLS_ALLOW LDAP_OPT_X_TLS_ALLOW
-#else
-#define APR_LDAP_OPT_TLS_ALLOW 3
-#endif
-
-#ifdef LDAP_OPT_X_TLS_TRY
-#define APR_LDAP_OPT_TLS_TRY LDAP_OPT_X_TLS_TRY
-#else
-#define APR_LDAP_OPT_TLS_TRY 4
-#endif
-
-
-/**
- * APR LDAP get option function
- *
- * This function gets option values from a given LDAP session if
- * one was specified. It maps to the native ldap_get_option() function.
- * @param pool The pool to use
- * @param ldap The LDAP handle
- * @param option The LDAP_OPT_* option to return
- * @param outvalue The value returned (if any)
- * @param result_err The apr_ldap_err_t structure contained detailed results
- * of the operation.
- */
-APU_DECLARE(int) apr_ldap_get_option(apr_pool_t *pool,
- LDAP *ldap,
- int option,
- void *outvalue,
- apr_ldap_err_t **result_err);
-
-/**
- * APR LDAP set option function
- *
- * This function sets option values to a given LDAP session if
- * one was specified. It maps to the native ldap_set_option() function.
- *
- * Where an option is not supported by an LDAP toolkit, this function
- * will try and apply legacy functions to achieve the same effect,
- * depending on the platform.
- * @param pool The pool to use
- * @param ldap The LDAP handle
- * @param option The LDAP_OPT_* option to set
- * @param invalue The value to set
- * @param result_err The apr_ldap_err_t structure contained detailed results
- * of the operation.
- */
-APU_DECLARE(int) apr_ldap_set_option(apr_pool_t *pool,
- LDAP *ldap,
- int option,
- const void *invalue,
- apr_ldap_err_t **result_err);
-
-#endif /* APR_HAS_LDAP */
-
-/** @} */
-
-#endif /* APR_LDAP_OPTION_H */
-
diff --git a/ldap/apr_ldap_init.c b/ldap/apr_ldap_init.c
index e8555c6e..b4079dec 100644
--- a/ldap/apr_ldap_init.c
+++ b/ldap/apr_ldap_init.c
@@ -298,16 +298,6 @@ APU_DECLARE(int) apr_ldap_ssl_deinit(void) {
* to hide the complexity setup from the user. This function
* assumes that any certificate setup necessary has already
* been done.
- *
- * If SSL or STARTTLS needs to be enabled, and the underlying
- * toolkit supports it, the following values are accepted for
- * secure:
- *
- * APR_LDAP_OPT_TLS_NEVER: No encryption
- * APR_LDAP_OPT_TLS_HARD: SSL encryption (ldaps://)
- * APR_LDAP_OPT_TLS_DEMAND: Force STARTTLS on ldap://
- * APR_LDAP_OPT_TLS_ALLOW: Allow STARTTLS on ldap://
- * APR_LDAP_OPT_TLS_TRY: Optionally try STARTLS on ldap://
*/
APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool,
LDAP **ldap,
@@ -343,20 +333,19 @@ APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool,
#ifdef LDAP_OPT_X_TLS
*ldap = ldap_init(hostname, portno);
if (NULL != *ldap) {
- int SSLmode = secure;
+ int SSLmode = LDAP_OPT_X_TLS_HARD;
result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode);
if (LDAP_SUCCESS != result->rc) {
ldap_unbind_s(*ldap);
- result->reason = "LDAP: ldap_set_option failed, "
- "could not set security mode for "
- "apr_ldap_init()";
+ result->reason = "LDAP: ldap_set_option - "
+ "LDAP_OPT_X_TLS_HARD failed";
result->msg = ldap_err2string(result->rc);
*ldap = NULL;
return APR_EGENERAL;
}
}
#else
- result->reason = "LDAP: SSL/TLS not yet supported by APR on this "
+ result->reason = "LDAP: SSL not yet supported by APR on this "
"version of the OpenLDAP toolkit";
return APR_ENOTIMPL;
#endif
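Review bot: `secure` is no longer read in the OpenLDAP branch, where `SSLmode` is now fixed to `LDAP_OPT_X_TLS_HARD`, yet nothing on the new side tells callers that the argument is back to being a plain on/off flag. The same commit strips the list of accepted values from the doc comment above `apr_ldap_init()` and makes the matching change in the Microsoft branch in the next hunk. Code written against the reverted API that passes `APR_LDAP_OPT_TLS_DEMAND`, `APR_LDAP_OPT_TLS_ALLOW` or `APR_LDAP_OPT_TLS_TRY` would presumably get SSL-on-connect rather than STARTTLS, depending on the enclosing test on `secure`, which is outside the hunk. I would add to the doc comment: `* secure: non-zero requests SSL (ldaps://) where the toolkit supports it; STARTTLS is not available on this branch.`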
@@ -364,46 +353,13 @@ APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool,
/* microsoft toolkit */
else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) {
- if (APR_LDAP_OPT_TLS_HARD == secure) {
#if APR_HAS_LDAP_SSLINIT
- *ldap = ldap_sslinit((char *)hostname, portno, 1);
-#else
- result->reason = "LDAP: ldap_sslinit() not yet supported by APR on "
- "this version of the Microsoft toolkit";
- return APR_ENOTIMPL;
-#endif
- }
- else {
-#if APR_HAS_LDAP_START_TLS_S
- if (APR_LDAP_OPT_TLS_DEMAND == secure) {
- *ldap = ldap_init(hostname, portno);
- if (NULL != *ldap) {
- result->rc = ldap_start_tls_s(*ldap, NULL, NULL, NULL, NULL);
- if (LDAP_SUCCESS != result->rc) {
- ldap_unbind_s(*ldap);
- result->reason = "LDAP: ldap_start_tls_s() failed, "
- "could not set STARTTLS mode for "
- "apr_ldap_init()";
- result->msg = ldap_err2string(result->rc);
- *ldap = NULL;
- return APR_EGENERAL;
- }
- }
- }
- else {
- result->reason = "LDAP: APR_LDAP_OPT_TLS_ALLOW and "
- "APR_LDAP_OPT_TLS_TRY are not supported "
- "by APR on this version of the Microsoft "
- "toolkit. Use APR_LDAP_OPT_TLS_DEMAND "
- "instead to enable STARTTLS";
- return APR_ENOTIMPL;
- }
+ *ldap = ldap_sslinit((char *)hostname, portno, 1);
#else
- result->reason = "LDAP: ldap_start_tls_s() not yet supported "
- "by APR on this version of the Microsoft toolkit";
- return APR_ENOTIMPL;
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Microsoft toolkit";
+ return APR_ENOTIMPL;
#endif
- }
}
/* sun toolkit */
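Review bot: The cast in `ldap_sslinit((char *)hostname, portno, 1)` drops the `const` from `hostname` without saying why. If it is there only because the Microsoft prototype takes a non-const string, a one-line comment such as `/* ldap_sslinit() takes a non-const host name; the cast only satisfies the prototype */` would keep a later reader from assuming the buffer may be written. Whether `*ldap` is checked for NULL after this call cannot be seen here, because the function continues outside the hunk.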
diff --git a/ldap/apr_ldap_option.c b/ldap/apr_ldap_option.c
deleted file mode 100644
index a0aec2d9..00000000
--- a/ldap/apr_ldap_option.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* Copyright 2000-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* apr_ldap_option.c -- LDAP options
- *
- * The LDAP SDK allows the getting and setting of options on an LDAP
- * connection.
- *
- */
-
-#include <apu.h>
-#include <apr_ldap.h>
-#include <apr_errno.h>
-#include <apr_pools.h>
-#include <apr_strings.h>
-
-#if APR_HAS_LDAP
-
-/**
- * APR LDAP get option function
- *
- * This function gets option values from a given LDAP session if
- * one was specified.
- */
-APU_DECLARE(int) apr_ldap_get_option(apr_pool_t *pool,
- LDAP *ldap,
- int option,
- void *outvalue,
- apr_ldap_err_t **result_err) {
-
- apr_ldap_err_t *result;
-
- result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
- *result_err = result;
- if (!result) {
- return APR_ENOMEM;
- }
-
- /* get the option specified using the native LDAP function */
- result->rc = ldap_get_option(ldap, option, outvalue);
-
- /* handle the error case */
- if (LDAP_SUCCESS != result->rc) {
- result->msg = ldap_err2string(result-> rc);
- result->reason = apr_pstrdup (pool, "LDAP: Could not get an option");
- return APR_EGENERAL;
- }
-
- return APR_SUCCESS;
-
-}
-
-/**
- * APR LDAP set option function
- *
- * This function sets option values to a given LDAP session if
- * one was specified.
- *
- * Where an option is not supported by an LDAP toolkit, this function
- * will try and apply legacy functions to achieve the same effect,
- * depending on the platform.
- */
-APU_DECLARE(int) apr_ldap_set_option(apr_pool_t *pool,
- LDAP *ldap,
- int option,
- const void *invalue,
- apr_ldap_err_t **result_err) {
-
- apr_ldap_err_t *result;
-
- result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
- *result_err = result;
- if (!result) {
- return APR_ENOMEM;
- }
-
- /* set the option specified using the native LDAP function */
- result->rc = ldap_set_option(ldap, option, (void *)invalue);
-
- /* handle the error case */
- if (LDAP_SUCCESS != result->rc) {
- result->msg = ldap_err2string(result-> rc);
- result->reason = apr_pstrdup (pool, "LDAP: Could not get an option");
- return APR_EGENERAL;
- }
-
- return APR_SUCCESS;
-
-}
-
-#endif /* APR_HAS_LDAP */
diff --git a/libaprutil.dsp b/libaprutil.dsp
index fc06e3c7..ace7decc 100644
--- a/libaprutil.dsp
+++ b/libaprutil.dsp
@@ -217,10 +217,6 @@ SOURCE=.\ldap\apr_ldap_init.c
SOURCE=.\ldap\apr_ldap_url.c
# End Source File
-# Begin Source File
-
-SOURCE=.\ldap\apr_ldap_option.c
-# End Source File
# End Group
# Begin Group "misc"