Re: (ITS#8753) Public key pinning support in libldap
On Tue, Oct 10, 2017 at 10:43:42AM +0000, firstname.lastname@example.org wrote:
> URL: https://github.com/mistotebe/openldap/tree/its8753
> A new libldap option LDAP_OPT_X_TLS_PEERKEY_HASH that accepts a string
> 'hashname/base64_hash_of_public_key'. If a TLS session is already present on the
> main connection, it is also checked immediately.
> It introduces a dependency on liblutil by depending on the symbol
> lutil_b64_pton. Somehow, this breaks the build for the ldap* tools, not sure why
> or how to fix that yet.
A new version is now at the same place (see above); it moves the ldif.c
in-place base64 decoding into a separate function and reuses that.
- pin hash algorithm separator changes to ':'
- pin can now be set from the environment
- can now better deal with connection freeing and/or changes to the
global ldap options
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
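To make the pin format concrete, here is an added example (not code from the patch or from libldap) that parses a 'hashname:base64_hash_of_public_key' string as the updated version expects, rejects the earlier '/' separator, and compares it against a public key in constant time. It assumes the hashed material is the DER-encoded SubjectPublicKeyInfo and that the accepted digest names are those listed in SUPPORTED_HASHES; the message does not state either, and the sample key bytes are constructed.

```python
import base64
import binascii
import hashlib
import hmac

# Assumption: which digest names libldap accepts is not stated in the thread.
SUPPORTED_HASHES = {"sha1", "sha256", "sha384", "sha512"}


def parse_pin(pin):
    """Split 'hashname:base64_digest' into (hashname, raw digest bytes).

    Raises ValueError on a malformed pin so a bad configuration fails closed
    instead of silently matching nothing or everything.
    """
    if pin.count(":") != 1:
        raise ValueError("pin must look like 'hashname:base64_digest'")
    name, b64 = pin.split(":", 1)
    name = name.lower()
    if name not in SUPPORTED_HASHES:
        raise ValueError("unsupported pin hash algorithm: %s" % name)
    try:
        digest = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("pin digest is not valid base64") from exc
    if len(digest) != hashlib.new(name).digest_size:
        raise ValueError("pin digest length does not match %s" % name)
    return name, digest


def spki_matches_pin(spki_der, pin):
    """True if the DER SubjectPublicKeyInfo hashes to the pinned digest."""
    name, expected = parse_pin(pin)
    actual = hashlib.new(name, spki_der).digest()
    # Constant-time comparison: the pin is a trust anchor, treat it like one.
    return hmac.compare_digest(actual, expected)


def make_pin(spki_der, name="sha256"):
    """Produce the pin string an administrator would configure for a key."""
    digest = hashlib.new(name, spki_der).digest()
    return "%s:%s" % (name, base64.b64encode(digest).decode("ascii"))


# Constructed stand-in for a DER SubjectPublicKeyInfo; not a real key.
SAMPLE_SPKI = b"\x30\x59" + b"constructed stand-in for DER SubjectPublicKeyInfo"
```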