
(ITS#4475) libldap/tls.c uses static variables for TLS information



Full_Name: Alan DeKok
Version: current
OS: Linux
URL: 
Submission from: (NULL) (205.158.171.199)


http://www.openldap.org/devel/cvsweb.cgi/~checkout~/libraries/libldap/tls.c?rev=1.133&hideattic=1&sortbydate=0

  says:

...
static int  tls_opt_trace = 1;
static char *tls_opt_certfile = NULL;
static char *tls_opt_keyfile = NULL;
static char *tls_opt_dhfile = NULL;
static char *tls_opt_cacertfile = NULL;
static char *tls_opt_cacertdir = NULL;
static int  tls_opt_require_cert = LDAP_OPT_X_TLS_DEMAND;
...

These variables should be tied to the LDAP* pointer that's returned to the
caller in ldap_initialize().

The effect of this bug is that applications using libldap can have a TLS
connection open to only one LDAP server at a time.  While this works for
most applications, FreeRADIUS (www.freeradius.org) can have multiple long-lived
connections open to multiple LDAP servers.

This bug means that only one of those connections can use certificates, OR
all of the connections must use the same cacerts.  This restriction causes
problems for administrators who wish to use different certificates for each
LDAP server.
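An added illustration of the scoping problem the report describes (this is constructed model code, not libldap code or the reporter's code): two handles, each meant to trust a different CA file, with the option stored once as a file-scope static versus once per handle. With the static design the second ldap_set_option-style call silently replaces the first, so the connection to server A would then be verified against the CA intended for server B; the hypothetical handle types, setter names and paths are all assumptions for the example.

```c
#include <string.h>

/* Design 1, as in the quoted tls.c: the option is a file-scope static,
 * so every handle in the process sees whichever value was written last. */
static const char *tls_opt_cacertfile = NULL;

typedef struct { const char *uri; } ldap_global_t;

static void global_set_cacert(ldap_global_t *ld, const char *path) {
    (void)ld;                 /* the handle is ignored: the option is process-wide */
    tls_opt_cacertfile = path;
}
static const char *global_get_cacert(ldap_global_t *ld) {
    (void)ld;
    return tls_opt_cacertfile;
}

/* Design 2, what the report asks for: the option is a field of the handle. */
typedef struct { const char *uri; const char *cacertfile; } ldap_perhandle_t;

static void perhandle_set_cacert(ldap_perhandle_t *ld, const char *path) {
    ld->cacertfile = path;
}
static const char *perhandle_get_cacert(const ldap_perhandle_t *ld) {
    return ld->cacertfile;
}

/* Returns 1 when two handles configured with different CA files end up
 * sharing one, i.e. the clobbering the report describes; 0 otherwise. */
int global_design_clobbers(void) {
    ldap_global_t a = { "ldaps://ldap-a.example" };   /* constructed URIs */
    ldap_global_t b = { "ldaps://ldap-b.example" };
    global_set_cacert(&a, "/etc/radius/ca-a.pem");    /* constructed paths */
    global_set_cacert(&b, "/etc/radius/ca-b.pem");
    /* Handle a now reports server B's CA file. */
    return strcmp(global_get_cacert(&a), global_get_cacert(&b)) == 0;
}

int perhandle_design_clobbers(void) {
    ldap_perhandle_t a = { "ldaps://ldap-a.example", NULL };
    ldap_perhandle_t b = { "ldaps://ldap-b.example", NULL };
    perhandle_set_cacert(&a, "/etc/radius/ca-a.pem");
    perhandle_set_cacert(&b, "/etc/radius/ca-b.pem");
    /* Each handle keeps its own CA file. */
    return strcmp(perhandle_get_cacert(&a), perhandle_get_cacert(&b)) == 0;
}
```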