
Re: HEADS UP: TLS "hard"



At 12:02 PM 5/22/2003, Stephen Frost wrote:
>Though I was talking about the tools in that they should follow default behaviour

The default behavior of the library has been to take no action
on behalf of the application until the application (on behalf
of the user) requests that action to be performed.

ldap.conf(5) does not specify default behavior.  It specifies
parameters which an application may default to if it so chooses.
For example, an application which would like to open a
session with a directory server may, instead of providing a
URI, default the connection to a URI known to the library.

While it might be reasonable to add additional parameters to
ldap.conf(5) which an application may default to in choosing
to start TLS or not, it is not reasonable for this library to
attempt to start TLS until the application has requested that
it do so.

While it is reasonable to design and implement a library which,
by default, took various actions without there being an explicit
request to do so, it is not reasonable for this library
(at least via the current API) to do so.  That would break
applications expecting the current library behavior.

Kurt