Full_Name: Christian Heimes
Version: 2.4.45
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:16b8:607e:f300:6312:6da:8e63:dfa2)


The documentation for ldap_set_option LDAP_OPT_X_TLS_NEWCTX is wrong or at least
misleading. The man page https://linux.die.net/man/3/ldap_set_option describes
the option as:

> Instructs the library to create a new TLS library context. invalue must be
> const int *. A non-zero value pointed to by invalue tells the library to create
> a context for a server.

However tls2 creates a new context for any non-NULL argument, even for
ldap_set_option(l, LDAP_OPT_X_TLS_NEWCTX, 0). See
https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_4_45/libraries/libldap/tls2.c#L799-L804
cheimes@redhat.com wrote:
> Full_Name: Christian Heimes
> Version: 2.4.45
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:16b8:607e:f300:6312:6da:8e63:dfa2)
>
>
> The documentation for ldap_set_option LDAP_OPT_X_TLS_NEWCTX is wrong or at least
> misleading. The man page https://linux.die.net/man/3/ldap_set_option describes
> the option as:
>
>> Instructs the library to create a new TLS library context. invalue must be
>> const int *. A non-zero value pointed to by invalue tells the library to create
>> a context for a server.
>
> However tls2 creates a new context for any non-NULL argument, even for
> ldap_set_option(l, LDAP_OPT_X_TLS_NEWCTX, 0). See
> https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_4_45/libraries/libldap/tls2.c#L799-L804

I see no disagreement between the code and the documentation. Please
elaborate, otherwise this ITS will be closed.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
On 2018-02-15 17:04, Howard Chu wrote:
> I see no disagreement between the code and the documentation. Please
> elaborate, otherwise this ITS will be closed.

For a non-native speaker, the documentation sounds a bit like
ldap_set_option(l, LDAP_OPT_X_TLS_NEWCTX, 0) does not create a new
context at all because the input value is zero. Could you please mention
that a zero value creates a client context?

-- 
Christian Heimes
Senior Software Engineer, Identity Management and Platform Security

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
cheimes@redhat.com wrote:
> From: Christian Heimes <cheimes@redhat.com>
> To: Howard Chu <hyc@symas.com>, openldap-its@OpenLDAP.org
> Message-ID: <1ad5d71c-c2c2-701e-1550-5296c850a51e@redhat.com>
> Subject: Re: (ITS#8805) Documentation for LDAP_OPT_X_TLS_NEWCTX is wrong
> References: <E1emLjU-0005uv-8G@gauss.openldap.net>
>  <9e35c40f-d567-5dec-dd5d-085dcd356483@symas.com>
> In-Reply-To: <9e35c40f-d567-5dec-dd5d-085dcd356483@symas.com>
>
> On 2018-02-15 17:04, Howard Chu wrote:
>> I see no disagreement between the code and the documentation. Please
>> elaborate, otherwise this ITS will be closed.
>
> For a non-native speaker, the documentation sounds a bit like
> ldap_set_option(l, LDAP_OPT_X_TLS_NEWCTX, 0) does not create a new
> context at all because the input value is zero. Could you please mention
> that a zero value creates a client context?

"This option creates a context. If you specify a 1, it will create a context
for a server."

Nothing in these statements implies that it will *not* create a context.

Closing this ITS.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/