Re: (ITS#4422) Client connecting with multiple certificates
Dear Kurt,
thank you for your reply;
Kurt D. Zeilenga wrote:
>I believe the behavior you are seeing is as intended.
>The current version of libldap only supports a single
>client certificate.
>
>
Actually, the problem isn't only with the client certificate, but with
all the parts of the ssl context (i.e. trusted CA certificates as
well...)...
You are right that one can create the context from scratch and set it
in the ldap library via the option LDAP_OPT_X_TLS_CTX.
However, this seems to be a bit useless since the code for creating the
ssl context already exists within the ldap library.
In fact, it would be satisfactory to set the ldap's default ssl context
to NULL (ldap_set_option(NULL, LDAP_OPT_X_TLS_CTX, NULL)); so the ldap
library doesn't find the old context, and creates a new one while
creating the new connection.
However, even this is not possible since LDAP_OPT_X_TLS_CTX is in the
"/* options which cannot withstand invalue == NULL */ " section of
options.c source. (Yes, there is still a possibility to call the
(internal) ldap_pvt_tls_set_option() function directly, but it doesn't
seem to be a very clean solution).
Is it possible to move the LDAP_OPT_X_TLS_CTX option to the section
where the NULL is permitted as a correct value?
Thanks, Pavel Rydvan