
Reply: OpenSSL + Java



Now I found the only reference in the source.
The server has to be compiled with the "--with-tls" configure option.
Then the only source code I found in all the client tools makes a
connection with ldap_start_tls_s, not using any certificate.
Look at the code snippet. (It is in C but should be the same in Java.)
Take a look whether you have the command ldap_start_tls_s.
ldap_start_tls_s is called before ldap_simple_bind_s.
Tell me if it works.
I will do the same in C tomorrow.


Code snippet:
if ( use_tls && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) {
        ldap_perror( ld, "ldap_start_tls" );
        if ( use_tls > 1 ) {
                return( EXIT_FAILURE );
        }
}



Rgds. Franz
____________________________________________________
Franz Skale
mainwork information technology AG
IT-Services
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com


                                                                                                                                 
From:    f.skale@mainwork.com
Sent by: owner-openldap-software@OpenLDAP.org
To:      "Zamangoer, Ferruh" <ferruh.zamangoer@materna.de>
Cc:      OpenLdap-Software@OpenLDAP.com
Subject: Reply: OpenSSL + Java
Date:    02.04.2002 17:53





You have to use special ldap_option settings to accomplish this.
/* OpenLDAP TLS options */
#define LDAP_OPT_X_TLS                          0x6000
#define LDAP_OPT_X_TLS_CTX                      0x6001  /* SSL CTX */
#define LDAP_OPT_X_TLS_CACERTFILE       0x6002
#define LDAP_OPT_X_TLS_CACERTDIR        0x6003
#define LDAP_OPT_X_TLS_CERTFILE         0x6004
#define LDAP_OPT_X_TLS_KEYFILE          0x6005
#define LDAP_OPT_X_TLS_REQUIRE_CERT     0x6006
/* #define LDAP_OPT_X_TLS_PROTOCOL              0x6007 */
#define LDAP_OPT_X_TLS_CIPHER_SUITE     0x6008
#define LDAP_OPT_X_TLS_RANDOM_FILE      0x6009

#define LDAP_OPT_X_TLS_NEVER            0
#define LDAP_OPT_X_TLS_HARD             1
#define LDAP_OPT_X_TLS_DEMAND           2
#define LDAP_OPT_X_TLS_ALLOW            3
#define LDAP_OPT_X_TLS_TRY              4

On the bind, use the ldaps port.
Use ldap_start_tls_s to start the TLS transaction.
Hint: I didn't find any docs regarding TLS for LDAP.
____________________________________________________
Franz Skale
mainwork information technology AG
IT-Services
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com


From:    "Zamangoer, Ferruh" <ferruh.zamangoer@materna.de>
Sent by: owner-openldap-software@OpenLDAP.org
To:      OpenLdap-Software@OpenLDAP.com, openssl-users@openssl.org
Cc:
Subject: OpenSSL + Java
Date:    02.04.2002 17:30







Hi all,

I'm writing an application in Java, which allows the user to make a search
in an LDAP server. My problem is that I want to use a secure network
connection to communicate between the application and the LDAP server.
I have installed OpenSSL, but I have not found an easy manual which
describes what I have to edit in the openssl.conf.
Can anybody help me?

Thanks in advance for any help

Ferruh