Attachment 19395 Details for Bug 41352 – correct current openldap client cert behavior, prepare for future support

[patch] correct current openldap client cert behavior, prepare for future support

openldap_tls_option.diff (text/plain), 1.22 KB, created by Eric Covener on 2007-01-11 09:32:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Eric Covener

Created: 2007-01-11 09:32:32 UTC

Size: 1.22 KB

patch

obsolete

>Index: ldap/apr_ldap_option.c
>===================================================================
>--- ldap/apr_ldap_option.c	(revision 469464)
>+++ ldap/apr_ldap_option.c	(working copy)
>@@ -531,6 +531,15 @@
>     /* OpenLDAP SDK */
> #if APR_HAS_OPENLDAP_LDAPSDK
> #ifdef LDAP_OPT_X_TLS_CACERTFILE
>+#ifndef LDAP_OPT_X_TLS_NEWCTX 
>+    if (ldap) {
>+        result->reason = "LDAP: The OpenLDAP SDK cannot support the setting "
>+                         "of certificates or keys on a per connection basis.";
>+        result->rc = -1;
>+        return; 
>+    }
>+#endif
>+
>     /* set one or more certificates */
>     /* FIXME: make it support setting directories as well as files */
>     for (i = 0; i < certs->nelts; i++) {
>@@ -561,6 +570,15 @@
>             break;
>         }
>     }
>+    /*  Certificate settings are now configured, but we also need a new
>+     *  TLS context to be created.
>+     */
>+    if (ldap && (result->rc == LDAP_SUCCESS)) {
>+        int IS_SERVER = 0;
>+        result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_NEWCTX, &IS_SERVER);
>+        result->msg = ldap_err2string(result->rc);
>+    }
>+
> #else
>     result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not "
>                      "defined by this OpenLDAP SDK. Certificate "

Actions: View | Diff

Attachments on bug 41352: 19395 | 21197