wldap32: Skip over the TLS certificate check if not using TLS.

dlls/wldap32/init.c

@@ -271,17 +271,17 @@ ULONG CDECL WLDAP32_ldap_connect( LDAP *ld, struct l_timeval *timeout )
         if ((ret = ldap_get_option( CTX(ld), LDAP_OPT_X_TLS_SSL_CTX, &tls_context )))
             return map_error( ret );
 
-        if (QueryContextAttributesA( tls_context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &cert ) != SEC_E_OK)
-            return WLDAP32_LDAP_SERVER_DOWN;
-
-        if (cert_callback( ld, &cert ))
-        {
-            TRACE( "accepted\n" );
-        }
-        else
+        if (QueryContextAttributesA( tls_context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &cert ) == SEC_E_OK)
         {
-            WARN( "rejected\n" );
-            return WLDAP32_LDAP_SERVER_DOWN;
+            if (cert_callback( ld, &cert ))
+            {
+                TRACE( "accepted\n" );
+            }
+            else
+            {
+                WARN( "rejected\n" );
+                return WLDAP32_LDAP_SERVER_DOWN;
+            }
         }
     }
 

dlls/wldap32/tests/parse.c

@@ -586,6 +586,8 @@ static void test_opt_server_certificate(void)
     ok( !ret, "ldap_set_optionA should succeed, got %#lx\n", ret );
     ret = ldap_set_optionA( ld, LDAP_OPT_SERVER_CERTIFICATE, &verify_certificate );
     ok( !ret, "ldap_set_optionA should succeed, got %#lx\n", ret );
+    ret = ldap_connect( ld, NULL );
+    ok( !ret, "ldap_connect should succeed, got %#lx\n", ret );
     ret = ldap_start_tls_sA( ld, NULL, NULL, NULL, NULL );
     ok( ret == LDAP_LOCAL_ERROR, "ldap_start_tls_sA should fail, got %#lx\n", ret );
     ldap_unbind( ld );