
Re: LDAP_OPT_X_TLS_xxx option in SSL/TLS connection

Am Donnerstag 01 März 2012, 11:49:22 schrieb Michael Ströder:
> Qiang Xu wrote:
> > Guess what? Just picked up a pearl in the sea of internet:
> > http://www.mailinglistarchive.com/postfix-users@postfix.org/msg57688.html
> > 
> > Basically, it seems to be a feature introduced since the beginning
> > of openldap 2.4 version. We need to set
> > LDAP_OPT_X_TLS_REQUIRE_CERT on an ldap handle
> > (already initialized), and set LDAP_OPT_X_TLS_NEWCTX (with a value 0)
> > thereafter:
> > 
> >          rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert);
> >          assert(rc == LDAP_OPT_SUCCESS);
> > 
> >          // am_server is 1, only if the code is compiled for server
> >          rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server);
> >          assert(rc == LDAP_OPT_SUCCESS);
> > 
> > Now the option works as per connection, rather than as per process.
> 
> Could someone of the OpenLDAP core developers please confirm this?
> Especially whether LDAP_OPT_X_TLS_NEWCTX is set to LDAP_OPT_OFF for
> "clients"?
No, as Qiang Xu already noted, LDAP_OPT_OFF is defined as a NULL pointer, 
while LDAP_OPT_X_TLS_NEWCTX expects a pointer to an integer which has the 
value 0. Something like this should work for a client context:

int val = 0;
ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &val);

regards,
	Ralf