-rw-r--r--keyserver/ChangeLog8
-rw-r--r--keyserver/gpgkeys_ldap.c47
2 files changed, 27 insertions, 28 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog
index 1911b7e3c..e364daf31 100644
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@@ -1,3 +1,11 @@
+2004-07-27 David Shaw <[email protected]>
+
+ * gpgkeys_ldap.c (main): Don't try and error out before making a
+ ldaps connection to the NAI keyserver since we cannot tell if it
+ is a NAI keyserver until we connect. Fail if we cannot find a
+ base keyspace DN. Fix a false success message for TLS being
+ enabled.
+
2004-07-20 Werner Koch <[email protected]>
* gpgkeys_ldap.c [_WIN32]: Include Windows specific header files.
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
index a1c50f28c..9db0026c8 100644
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@@ -1699,38 +1699,28 @@ main(int argc,char *argv[])
if(use_ssl)
{
- if(!real_ldap)
- {
- fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- "not supported by the NAI LDAP keyserver");
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
- else
- {
#if defined(LDAP_OPT_X_TLS_HARD) && defined(HAVE_LDAP_SET_OPTION)
- int ssl=LDAP_OPT_X_TLS_HARD;
- err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- ldap_err2string(err));
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
- goto fail;
- }
-#else
+ int ssl=LDAP_OPT_X_TLS_HARD;
+ err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
+ if(err!=LDAP_SUCCESS)
+ {
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- "not built with LDAPS support");
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+ ldap_err2string(err));
+ fail_all(keylist,action,ldap_err_to_gpg_err(err));
goto fail;
-#endif
}
+#else
+ fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
+ "not built with LDAPS support");
+ fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+ goto fail;
+#endif
}
- if((err=find_basekeyspacedn()))
+ if((err=find_basekeyspacedn()) || !basekeyspacedn)
{
fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
- ldap_err2string(err));
+ err?ldap_err2string(err):"not found");
fail_all(keylist,action,ldap_err_to_gpg_err(err));
goto fail;
}
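Review bot: On the new `!basekeyspacedn` path `err` is still zero, so `fail_all(keylist,action,ldap_err_to_gpg_err(err))` marks every key with whatever code `ldap_err_to_gpg_err()` returns for LDAP_SUCCESS. That mapping is not visible in this hunk; if it does not yield a failure code, the caller sees an aborted run without a clear error status. Passing an explicit code for the not-found case removes the ambiguity: `fail_all(keylist,action,err?ldap_err_to_gpg_err(err):KEYSERVER_INTERNAL_ERROR);`. main() begins and continues outside this hunk.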
@@ -1761,10 +1751,11 @@ main(int argc,char *argv[])
if(err==LDAP_SUCCESS)
err=ldap_start_tls_s(ldap,NULL,NULL);
- if(err!=LDAP_SUCCESS && use_tls>=2)
+ if(err!=LDAP_SUCCESS)
{
- fprintf(console,"gpgkeys: unable to start TLS: %s\n",
- ldap_err2string(err));
+ if(use_tls==2 || verbose>2)
+ fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+ ldap_err2string(err));
/* Are we forcing it? */
if(use_tls==3)
{
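Review bot: With `use_tls==3`, the forced case handled just below, a failed `ldap_start_tls_s()` now aborts without printing the reason unless `verbose>2`, because the new condition is `use_tls==2 || verbose>2` where the old code printed for `use_tls>=2`. A user who required TLS is then left with a failure and no diagnostic about why the secure channel could not be set up. `if(use_tls>=2 || verbose>2)` would keep the message for both the warn and the force settings. The body of the `use_tls==3` block runs past the end of this hunk, so confirm nothing there already reports the error.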
@@ -1772,7 +1763,7 @@ main(int argc,char *argv[])
goto fail;
}
}
- else if(verbose>1)
+ else if(err==LDAP_SUCCESS && verbose>1)
fprintf(console,"gpgkeys: TLS started successfully.\n");
#else
if(use_tls>=2)
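Review bot: The added `err==LDAP_SUCCESS` test in `else if(err==LDAP_SUCCESS && verbose>1)` looks redundant, since this `else` pairs with the `if(err!=LDAP_SUCCESS)` introduced in the previous hunk. `else if(verbose>1)` reads the same once the outer condition no longer depends on `use_tls`. If the explicit test is kept for clarity, a short comment such as `/* only reached when TLS actually started */` would say so. The enclosing `#if` block starts and ends outside this hunk.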