Hard TLS with user specified SSL_CTX
Hi,
I am trying to open a hard TLS LDAP session with a non-default SSL_CTX.
Basically, my program needs to support multiple SSL_CTX and I cannot use
the default SSL_CTX. I tried the following code:

    ldap_pvt_tls_init();
    int x = LDAP_OPT_X_TLS_HARD;
    localRet = ldap_set_option(m_ldap, LDAP_OPT_X_TLS, &x);
    SSL_CTX *sslCtx;
    sslCtx = ::SSL_CTX_new(SSLv23_method());
    // Codes to set the CA cert, client client and keys etc with the SSL_CTX
    // Codes to set the SSL call back functions.
    localRet = ldap_set_option(m_ldap, LDAP_OPT_X_TLS_CTX, sslCtx);

But the above ldap_set_option gives a SEGFAULT. I checked the tls.c code
and found the crash happened in

    ldap_pvt_tls_set_option()
        case LDAP_OPT_X_TLS_CTX:
            if ( ld == NULL ) {
                tls_def_ctx = (SSL_CTX *) arg;
            } else {
                ld->ld_defconn->lconn_tls_ctx = arg;
            }
            return 0;
        }

The ld->ld_defconn pointer is not allocated with memory yet. Is there any
OpenLDAP API that I need to/can call so that it will allocate the memory for
ld->ld_defconn?
Thanks
Patrick
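
Added example, not part of the original message and not OpenLDAP code: a setter that records a per-handle TLS context without dereferencing `ld_defconn` while it is still NULL, then applies it once the connection exists, so a handle that asked for its own context never silently falls back to the default one. The struct layouts, `pending_tls_ctx`, `set_tls_ctx`, `attach_defconn` and `effective_tls_ctx` are hypothetical stand-ins; only the field names `ld_defconn`, `lconn_tls_ctx` and `tls_def_ctx` come from the quoted snippet.

```c
#include <stddef.h>

/* Simplified stand-ins for the structures named in the post; constructed
   for this example, not the OpenLDAP definitions. */
typedef struct conn { void *lconn_tls_ctx; } conn;
typedef struct handle {
    conn *ld_defconn;       /* NULL until a connection exists */
    void *pending_tls_ctx;  /* hypothetical per-handle slot (assumption) */
} handle;

static void *tls_def_ctx;   /* process-wide default, as in the quoted code */

/* Guarded setter: never dereferences ld_defconn while it is NULL. */
int set_tls_ctx(handle *ld, void *arg)
{
    if (ld == NULL) {
        tls_def_ctx = arg;
        return 0;
    }
    ld->pending_tls_ctx = arg;               /* always safe to record */
    if (ld->ld_defconn != NULL)
        ld->ld_defconn->lconn_tls_ctx = arg; /* connection already exists */
    return 0;
}

/* Hypothetical hook run when the default connection is finally created:
   the per-handle context wins over the process-wide default. */
void attach_defconn(handle *ld, conn *c)
{
    c->lconn_tls_ctx = ld->pending_tls_ctx ? ld->pending_tls_ctx : tls_def_ctx;
    ld->ld_defconn = c;
}

/* Context the handle would use for its TLS handshake. */
void *effective_tls_ctx(const handle *ld)
{
    if (ld->ld_defconn != NULL)
        return ld->ld_defconn->lconn_tls_ctx;
    return ld->pending_tls_ctx ? ld->pending_tls_ctx : tls_def_ctx;
}
```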