From 78e17a285caf43585f43ef2d7f3f970c4b79b2f5 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Fri, 2 Oct 2015 16:07:02 -0500
Subject: [PATCH] Abort certificate load process on initial CA certificate retrieval failure
---
 src/ldapbonding.cpp | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index abe4e95..f7ef751 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -283,13 +283,15 @@ void LDAPConfig::save() {
 if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_clientRealmConfig.defaultRealm].admin_server + ".ldap.crt", &errorstring) != 0) {
 KMessageBox::sorry(this, i18n("Unable to obtain root certificate for realm %1!

Details: %2").arg(m_clientRealmConfig.defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain Certificate"));
 }
- if (ldap_mgr->installCACertificateInHostCAStore(&errorstring) != 0) {
- KMessageBox::sorry(this, i18n("Unable to install root CA certificate for realm %1!

Details: %2").arg(m_clientRealmConfig.defaultRealm.upper()).arg(errorstring), i18n("Unable to Install Root CA"));
- }
+ else {
+ if (ldap_mgr->installCACertificateInHostCAStore(&errorstring) != 0) {
+ KMessageBox::sorry(this, i18n("Unable to install root CA certificate for realm %1!

Details: %2").arg(m_clientRealmConfig.defaultRealm.upper()).arg(errorstring), i18n("Unable to Install Root CA"));
+ }
- // Get and install the CA root CRL from LDAP
- if (ldap_mgr->retrieveAndInstallCaCrl(ldap_mgr, &errorstring) != 0) {
- KMessageBox::sorry(this, i18n("Unable to obtain root CRL for realm %1!

Details: %2").arg(m_clientRealmConfig.defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain CRL"));
+ // Get and install the CA root CRL from LDAP
+ if (ldap_mgr->retrieveAndInstallCaCrl(ldap_mgr, &errorstring) != 0) {
+ KMessageBox::sorry(this, i18n("Unable to obtain root CRL for realm %1!

Details: %2").arg(m_clientRealmConfig.defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain CRL"));
+ }
 }
 delete ldap_mgr;
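Review bot: In the new `else` branch a failure of `installCACertificateInHostCAStore()` still falls through to `retrieveAndInstallCaCrl()`, and a CRL failure after a successful install leaves the realm root in the host CA store with no revocation list next to it; both are reported only through `KMessageBox::sorry()`. If the abort-on-failure intent of this commit is meant to cover the whole PKI setup, chain the steps so each runs only after the previous one succeeded, e.g. `else if (ldap_mgr->installCACertificateInHostCAStore(&errorstring) != 0) {` with the CRL step in a final `else`. Where continuing without a CRL is deliberate, a comment such as `// CA is trusted host-wide from here on; a CRL failure is reported but not rolled back` would record that. `LDAPConfig::save()` starts and continues outside the hunk, so whether later code reacts to these failures cannot be seen here.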