
ldap_start_tls_s or ldap_set_option(LDAP_OPT_X_TLS)?



So I'm writing a small client that uses the OpenLDAP libraries.  In
looking at the tools in clients/tools/* I see that when attempting to
establish a TLS connection they always seem to use ldap_start_tls_s().
I have tried this and it works well in conjunction with
ldap_set_option() and LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_CERTFILE, 
and LDAP_OPT_X_TLS_KEYFILE.  

However, I also notice that some (it would appear) clients (not in the
LDAP source tree) rely strictly on ldap_set_option(LDAP_OPT_X_TLS) and
(I presume) expect the first action on that connection to use TLS?  Is
this correct?  I can't get it to work so I assume not.  So, what is
LDAP_OPT_X_TLS for?  Is it simply for setting whether you want TLS to be
HARD, TRY, NEVER, etc. when you actually call ldap_start_tls_s()?  Is any
of this documented?  (I can't find anything, but maybe I'm looking in the
wrong places.)

Thank you.

-- 
seth / @sethdaniel.org
Time is an illusion perpetrated by the manufacturers of space.