Re: (ITS#4726) ldap_pvt_tls_init not called when new CTX requested
Eric Covener wrote:
> On 11/9/06, Howard Chu <hyc@symas.com> wrote:
>> covener@gmail.com wrote:
>> > FWIW, Another SDK I'm working with exposes a once-per-process SSL
>> > initialization method, that would amount to ldap_pvt_tls_init();
>>
>> A fix for this is in HEAD, please test.
>
> Now working for me on HEAD:
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/CA.pem");
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/cert1.pem");
> ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/cert1.key");
>
> ld1 = ldap_init(h,p);
> ldap_set_option(ld1, LDAP_OPT_X_TLS_CERTFILE, "/cert2.pem");
> ldap_set_option(ld1, LDAP_OPT_X_TLS_KEYFILE, "/cert2.key");
> ldap_set_option(ld1, LDAP_OPT_X_TLS_NEWCTX, &(is_server));
>
> ld2 = ldap_init(h,p);
>
> and connections to ld1 and ld2 send the right client cert over the
> wire. Hope this is a reasonable API usage -- Much appreciated!
>
Thanks for the confirmation.
The is_server flag only needs to be set non-zero if you are going to be
accepting incoming TLS sessions with that context.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/