Re: StartTLS URL extension
On Mon, 6 Oct 2008, Howard Chu wrote:
> Michael Ströder wrote:
> > Philip Guenther wrote:
> > > I agree that ldap_initialize() should behave as it currently does,
> > > setting up the handle but not opening any connections.
>
> > So this would need ldap_initialize() to defer calling ldap_start_tls().
> > I don't think that's what Pierangelo has in mind.
>
> But that might actually be the simplest approach. ldap_initialize() can
> parse the URL and set a flag in the LDAP* handle noting that StartTLS
> was requested.
In the LDAP handle? You mean in the LDAPURLDesc for that URI? I would expect

    ldap_initialize(&ld,
        "ldap://server.example.com/????!1.3.6.1.4.1.1466.20037,"
        "ldap://127.0.0.1/,ldapi://");

to automatically negotiate TLS when connecting to server.example.com, but
not when connecting to 127.0.0.1 or the UNIX domain socket.
(Hopefully I haven't mangled the syntax from the RFC too badly...)
Philip