
Re: (ITS#4726) ldap_pvt_tls_init not called when new CTX requested



On 11/9/06, Howard Chu <hyc@symas.com> wrote:
> covener@gmail.com wrote:
> > FWIW, Another SDK I'm working with exposes a once-per-process SSL
> > initialization method, that would amount to ldap_pvt_tls_init();
>
> A fix for this is in HEAD, please test.

Now working for me on HEAD:
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/CA.pem");
ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/cert1.pem");
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/cert1.key");

ld1 = ldap_init(h,p);
ldap_set_option(ld1, LDAP_OPT_X_TLS_CERTFILE, "/cert2.pem");
ldap_set_option(ld1, LDAP_OPT_X_TLS_KEYFILE, "/cert2.key");
ldap_set_option(ld1, LDAP_OPT_X_TLS_NEWCTX, &(is_server));

ld2 = ldap_init(h,p);

and connections to ld1 and ld2 send the right client cert over the
wire.  Hope this is a reasonable API usage -- Much appreciated!

-- 
Eric Covener
covener@gmail.com