Revert "move newctx atfer setoptions"

remicollet · remicollet · commit 6dc899d40158 · 2025-02-27T15:53:54.000+01:00
This reverts commit f2f5b19.
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
@@ -3698,7 +3698,7 @@ PHP_FUNCTION(ldap_start_tls)
 {
 	zval *link;
 	ldap_linkdata *ld;
-	int rc, protocol = LDAP_VERSION3, val = 0;
+	int rc, protocol = LDAP_VERSION3;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "O", &link, ldap_link_ce) != SUCCESS) {
 		RETURN_THROWS();
@@ -3707,10 +3707,18 @@ PHP_FUNCTION(ldap_start_tls)
 	ld = Z_LDAP_LINK_P(link);
 	VERIFY_LDAP_LINK_CONNECTED(ld);
 
-	if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
 #ifdef LDAP_OPT_X_TLS_NEWCTX
-		((rc = ldap_set_option(ld->link, LDAP_OPT_X_TLS_NEWCTX, &val)) != LDAP_OPT_SUCCESS) ||
+	{
+		int val = 0;
+
+		/* ensure all pending TLS options are applied in a new context */
+		if (ldap_set_option(ld->link, LDAP_OPT_X_TLS_NEWCTX, &val) != LDAP_OPT_SUCCESS) {
+			php_error_docref(NULL, E_WARNING, "Could not create new security context");
+		}
+	}
 #endif
+
+	if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION, &protocol)) != LDAP_SUCCESS) ||
 		((rc = ldap_start_tls_s(ld->link, NULL, NULL)) != LDAP_SUCCESS)
 	) {
 		php_error_docref(NULL, E_WARNING,"Unable to start TLS: %s", ldap_err2string(rc));
