diff --git a/ldap.init b/ldap.init
index 6b224ee..f790f68 100644
--- a/ldap.init
+++ b/ldap.init
@@ -150,17 +150,16 @@ function configtest() {
 fi
 # Unaccessible TLS configuration files.
 if [ -d $configdir ]; then
- tlsconfigs=`LANG=C awk '/^olcTLS/ {
- while (/^olcTLS/) {
- if (/^olc(TLSCertificateKeyFile|TLSCertificateFile|TLSCACertificateFile)[ \t]*:[\t]*/) {
- do { printf gensub(/^ /,"",1); getline } while (/^ /)
- printf "\n" ;
- }
- else break;
- }
- }' $configdir/cn\=config.ldif | awk '{print $2}'`
+ tlsconfigs=$(LANG=C sed \
+ -e '/^olcTLS\(CertificateFile\|CertificateKeyFile\|CACertificateFile\)/!d' \
+ -e ':a;N;s/\n //;ta;P;D' "${configdir}/cn=config.ldif" | \
+ awk '{print $2}' | sort -u
+ )
 elif [ -f $configfile ]; then
- tlsconfigs=`LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | awk '{print $2}'`
+ tlsconfigs=$(LANG=C egrep \
+ '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | \
+ awk '{print $2}' | sort -u
+ )
 fi
 for file in $tlsconfigs ; do
 if ! testasuser $user -r $file ; then
diff --git a/openldap.spec b/openldap.spec
index 951ca7d..47709d2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -644,6 +644,7 @@ exit 0
 %changelog
 * Mon Nov 01 2010 Jan Vcelak 2.4.23-2
+- fix possible infinite loop when checking permissions of TLS files (#641946)
 - removed outdated autofs.schema (#643045)
 - removed outdated README.upgrade
 - removed relics of migrationtools
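Review bot: Both new pipelines still reduce each matching line with `awk '{print $2}'`, and the unchanged loop below expands `$tlsconfigs` and `$file` unquoted, so a certificate or key path containing whitespace is cut at the first space and the readability check runs against a different name than the one the server is configured with; glob characters in a path would be expanded as well. For the cn=config branch I would strip the attribute name instead of picking a field, `sed -e 's/^[^:]*:[[:space:]]*//'`, read the result line by line with `while IFS= read -r file`, and pass `"$file"` quoted. `testasuser` is defined outside the hunk, so it is worth confirming that it does not hand these configuration-derived arguments to a shell unquoted, since an init script presumably runs with root privileges. The egrep branch also leaves `$configfile` unquoted while the sed branch now quotes `"${configdir}/cn=config.ldif"`. The `for` loop and `configtest()` continue outside the hunk.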