-----Original Message-----
From: Howard Chu [mailto:hyc@highlandsun.com]
Sent: Thursday, October 16, 2003 6:29 PM
To: Kumar, Prashant [BL60:437:EXCH]; 'Kurt D. Zeilenga'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)

-----Original Message-----
From: owner-openldap-devel@OpenLDAP.org [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Prashant Kumar
Sent: Wednesday, October 15, 2003 6:19 AM
To: Howard Chu; 'Kurt D. Zeilenga'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)

Howard,

I don't think doing:

    ldap_pvt_tls_init();
    ldap_pvt_tls_init_def_ctx();
    ldap_get_option(NULL, TLS_CTX, &ctx);

will give the user enough flexibility to do whatever he wants
unless we fix ldap_start_tls_s because this is the execution
sequence of ldap_start_tls_s:

    ldap_start_tls_s->ldap_int_tls_start->ldap_int_tls_connect->alloc_handle
    ->ldap_pvt_tls_init_def_ctx ()

which will overwrite whatever the user
has done before.

Not true. ldap_pvt_tls_init_def_ctx() will not overwrite the context if it has already been initialized. If a user calls the sequence I outlined above before calling ldap_start_tls_s() then their customized context will be used. Since the library works this way, I see no reason to provide additional hooks to customize the global TLS context.

-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support