
Hard TLS with user specified SSL_CTX



Hi,

I am trying to open a hard TLS LDAP session with a non-default SSL_CTX.
Basically, my program needs to support multiple SSL_CTX and I cannot use
the default SSL_CTX. I tried the following code:

ldap_pvt_tls_init();

int    x = LDAP_OPT_X_TLS_HARD;
localRet = ldap_set_option(m_ldap, LDAP_OPT_X_TLS, &x);

SSL_CTX    *sslCtx;

sslCtx = ::SSL_CTX_new(SSLv23_method());

// Code to set the CA cert, client cert and keys etc. on the SSL_CTX
// Code to set the SSL callback functions.

localRet = ldap_set_option(m_ldap, LDAP_OPT_X_TLS_CTX, sslCtx);

But the above ldap_set_option gives a SEGFAULT.  I checked the tls.c code
and found that the crash happens in
ldap_pvt_tls_set_option():

        case LDAP_OPT_X_TLS_CTX:
                if ( ld == NULL ) {
                        tls_def_ctx = (SSL_CTX *) arg;

                } else {
                        ld->ld_defconn->lconn_tls_ctx = arg;
                }
                return 0;
        }

The ld->ld_defconn pointer has no memory allocated yet.  Is there any
OpenLDAP API that I need to (or can) call so that it will allocate the
memory for ld->ld_defconn?

Thanks
Patrick
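
Added example, not part of the original post and not OpenLDAP code: a reduced C model of the LDAP_OPT_X_TLS_CTX case quoted above, with a guard that returns an error when the handle has no default connection instead of dereferencing it. The model_* names, the two-field struct layouts and the error codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the library's internal types (assumed layout,
 * reduced to the fields the quoted switch case touches). */
struct model_conn { void *lconn_tls_ctx; };
struct model_ld   { struct model_conn *ld_defconn; };

static void *model_def_ctx;            /* plays the role of tls_def_ctx */

enum { MODEL_OK = 0, MODEL_NO_CONN = -1 };   /* hypothetical codes */

/* Guarded form of the quoted case: the same two branches, but a handle
 * whose default connection is still NULL is rejected with an error
 * code, so the caller sees a failed option call rather than a crash. */
int model_set_tls_ctx(struct model_ld *ld, void *arg)
{
    if (ld == NULL) {                  /* global default context */
        model_def_ctx = arg;
        return MODEL_OK;
    }
    if (ld->ld_defconn == NULL)        /* the state described in the post */
        return MODEL_NO_CONN;
    ld->ld_defconn->lconn_tls_ctx = arg;
    return MODEL_OK;
}

int main(void)
{
    int ctx_a, ctx_b;                  /* constructed placeholders for SSL_CTX objects */
    struct model_ld ld = { NULL };     /* fresh handle, no default connection */
    struct model_conn conn = { NULL };

    printf("fresh handle:       rc=%d\n", model_set_tls_ctx(&ld, &ctx_a));

    ld.ld_defconn = &conn;             /* default connection now exists */
    printf("with defconn:       rc=%d stored=%d\n",
           model_set_tls_ctx(&ld, &ctx_a), conn.lconn_tls_ctx == &ctx_a);

    printf("NULL handle (glob): rc=%d stored=%d\n",
           model_set_tls_ctx(NULL, &ctx_b), model_def_ctx == &ctx_b);
    return 0;
}
```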