[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: StartTLS URL extension

To: Philip Guenther <guenther+ldapdev@sendmail.com>
Subject: Re: StartTLS URL extension
From: Howard Chu <hyc@symas.com>
Date: Mon, 06 Oct 2008 17:25:09 -0700
Cc: OpenLDAP-devel@openldap.org
In-reply-to: <alpine.BSO.1.10.0810061602470.9157@vanye.sendmail.com>
References: <48E97964.6070300@symas.com> <E1KmiYZ-003VPH-Eu@intern.SerNet.DE> <48E9F7C0.4060707@stroeder.com> <48E9F898.1080106@sys-net.it> <48EA221F.10004@stroeder.com> <alpine.BSO.1.10.0810060750070.9157@vanye.sendmail.com> <48EA7A22.10005@stroeder.com> <alpine.BSO.1.10.0810061415570.9157@vanye.sendmail.com> <48EA89B3.4050701@stroeder.com> <48EA8E41.3010006@symas.com> <alpine.BSO.1.10.0810061602470.9157@vanye.sendmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b1pre) Gecko/20081004 SeaMonkey/2.0a1pre

Philip Guenther wrote:

On Mon, 6 Oct 2008, Howard Chu wrote:

Michael Ströder wrote:

Philip Guenther wrote:

I agree that ldap_initialize() should behave as it currently does,
setting up the handle but not opening any connections.

So this would need ldap_initialize() to defer calling ldap_start_tls().
I don't think that's what Pierangelo has in mind.

But that might actually be the simplest approach. ldap_initialize() can
parse the URL and set a flag in the LDAP* handle noting that StartTLS
was requested.


In the LDAP handle?  You mean in the LDAPURLDesc for that URI?  I would
expect
	ldap_initialize(&ld,
		"ldap://server.example.com/????!1.3.6.1.4.1.1466.20037,";
		"ldap://127.0.0.1/,ldapi://";);

to automatically negotiate TLS when connecting to server.example.com, but
not when connecting to 127.0.0.1 or the UNIX domain socket.

Right. The actual place to insert this code is in ldap_new_connection(). Working on it now...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- StartTLS URL extension
  - From: Howard Chu <hyc@symas.com>
- Re: StartTLS URL extension
  - From: Volker Lendecke <Volker.Lendecke@SerNet.DE>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>
- Re: StartTLS URL extension
  - From: Michael Ströder <michael@stroeder.com>
- Re: StartTLS URL extension
  - From: Howard Chu <hyc@symas.com>
- Re: StartTLS URL extension
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>

Prev by Date: Re: RE24 final testing
Next by Date: Re: RE24 final testing
Index(es):
- Chronological
- Thread