
Re: StartTLS URL extension



On Mon, 6 Oct 2008, Michael Ströder wrote:
...
> It's slightly different: From my understanding up to now 
> ldap_initialize() itself did not send out a LDAP PDU. So the error 
> handling of applications might not be prepared for ldap_initialize() 
> causing a real error. This is an incompatible API change.

Ah, I think we're picturing slightly different proposals.  I'm picturing 
it operating similar to how ldaps:// URIs work currently, where TLS is 
negotiated automatically when the connection is actually opened.  My 
comment about the work being done in ldap_initialize() instead of the 
client app was more about the recognizing of the extension in the URI and 
marking that URI as needing TLS.  I agree that ldap_initialize() should 
behave as it currently does, setting up the handle but not opening any 
connections.


Hmm, StartTLS implies/requires protocol version 3.  It seems unfortunate 
that ldap_initialize() wasn't made to default to version 3.  Lacking a 
change to that, what should happen if you use one of these URIs without 
setting the version to 3?
a) error, because you're insane for not setting it already
b) ignore, because things shouldn't just break
c) automatically change version, because confusing people is fun.


Philip Guenther