
Re: LDAP_OPT_X_TLS_xxx option in SSL/TLS connection



2012/3/1 Michael Ströder <michael@stroeder.com>:
> Could someone of the OpenLDAP core developers please confirm this?
> Especially whether LDAP_OPT_X_TLS_NEWCTX is set to LDAP_OPT_OFF for "clients"?

At least this is what is mentioned in the man page:

http://linux.die.net/man/3/ldap_set_option
LDAP_OPT_X_TLS_NEWCTX
Instructs the library to create a new TLS library context. invalue must be const int *. A non-zero value pointed to by invalue tells the library to create a context for a server.
Just have a quick look at the code:
// include/ldap.h
#define LDAP_OPT_OFF        ((void *) 0)
#define LDAP_OPT_ON         ((void *) &ber_pvt_opt_on)
...
// libraries/liblber/options.c
char ber_pvt_opt_on; /* used to get a non-NULL address for *_OPT_ON */

LDAP_OPT_OFF seems to be a NULL pointer. It seems not intended to be used to set the value for LDAP_OPT_X_TLS_NEWCTX, which requires a 'const int *' type (the address of a predefined integer value).

But yes, it had better be clarified by some developer or someone very familiar with the OpenLDAP code.

Thanks,
Qiang
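
The two argument conventions discussed in this message, as an added example that is not part of the original post and is not OpenLDAP code. The two macros and ber_pvt_opt_on are copied from the lines quoted above; every model_* and CTX_* name is a hypothetical stand-in, and rejecting NULL is this model's choice, not a claim about what libldap returns.

```c
#include <stddef.h>
#include <stdio.h>

/* Copied from the header lines quoted in the message. */
char ber_pvt_opt_on; /* only its address is meaningful */
#define LDAP_OPT_OFF ((void *) 0)
#define LDAP_OPT_ON  ((void *) &ber_pvt_opt_on)

/* Hypothetical stand-ins: one on/off option, one option taking const int *. */
enum model_opt { MODEL_OPT_BOOLEAN, MODEL_OPT_TLS_NEWCTX };
enum model_ctx { CTX_NONE, CTX_CLIENT, CTX_SERVER };
struct model_handle { int flag; enum model_ctx ctx; };

/* Returns 0 on success, -1 when invalue cannot carry a value. */
int model_set_option(struct model_handle *h, enum model_opt opt,
                     const void *invalue)
{
    switch (opt) {
    case MODEL_OPT_BOOLEAN:
        /* Pointer identity only: the pointer is compared, never read. */
        h->flag = (invalue != LDAP_OPT_OFF);
        return 0;
    case MODEL_OPT_TLS_NEWCTX:
        /* Value option: the int behind the pointer is the argument,
         * so a NULL pointer (LDAP_OPT_OFF) has nothing to read. */
        if (invalue == NULL)
            return -1;
        h->ctx = *(const int *)invalue ? CTX_SERVER : CTX_CLIENT;
        return 0;
    }
    return -1;
}

/* Client side: pass the address of an int holding zero. */
int model_new_client_ctx(struct model_handle *h)
{
    int is_server = 0;
    return model_set_option(h, MODEL_OPT_TLS_NEWCTX, &is_server);
}

int main(void)
{
    struct model_handle h = { 0, CTX_NONE };
    printf("NEWCTX with LDAP_OPT_OFF: %d\n",
           model_set_option(&h, MODEL_OPT_TLS_NEWCTX, LDAP_OPT_OFF));
    printf("NEWCTX with &is_server:   %d (ctx=%d)\n",
           model_new_client_ctx(&h), (int)h.ctx);
    return 0;
}
```

LDAP_OPT_ON is no better a fit for the int-valued option: it points at a single char, so reading it as an int would read past that object.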