
(ITS#8753) Public key pinning support in libldap



Full_Name: Ondrej Kuznik
Version: master
OS: 
URL: https://github.com/mistotebe/openldap/tree/its8753
Submission from: (NULL) (82.10.24.68)


Some programs might want to pin the server's public key instead of, or in addition
to, certificate validation. The patch linked implements this option and provides
OpenSSL/GnuTLS support code.

It adds a new libldap option, LDAP_OPT_X_TLS_PEERKEY_HASH, that accepts a string
'hashname/base64_hash_of_public_key'. If a TLS session is already present on the
main connection, it is also checked immediately.

It introduces a dependency on liblutil by depending on the symbol
lutil_b64_pton. Somehow, this breaks the build for the ldap* tools; I'm not sure why
or how to fix that yet.