
RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)



Yes, that does work; I just tried it (sorry for the last mail). It helps me to
do whatever I want to do with SSL_CTX. But is it a good idea to use
the LDAP private functions (ldap_pvt_tls_init() ...) in the user code?
I thought the whole intention of providing the functions "ldap_set_options"
and "ldap_get_options" was to avoid this.
 
Thank you so much for your help.
- Prashant.
-----Original Message-----
From: Howard Chu [mailto:hyc@highlandsun.com]
Sent: Thursday, October 16, 2003 6:29 PM
To: Kumar, Prashant [BL60:437:EXCH]; 'Kurt D. Zeilenga'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)

-----Original Message-----
From: owner-openldap-devel@OpenLDAP.org [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Prashant Kumar
Sent: Wednesday, October 15, 2003 6:19 AM
To: Howard Chu; 'Kurt D. Zeilenga'
Cc: openldap-devel@OpenLDAP.org
Subject: RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)

Howard,

I don't think doing:

        ldap_pvt_tls_init();
        ldap_pvt_tls_init_def_ctx();
        ldap_get_option(NULL, LDAP_OPT_X_TLS_CTX, &ctx);

will give the user enough flexibility to do whatever he wants
unless we fix ldap_start_tls_s, because this is the execution
sequence of ldap_start_tls_s:

ldap_start_tls_s->ldap_int_tls_start->ldap_int_tls_connect->alloc_handle
->ldap_pvt_tls_init_def_ctx(), which will overwrite whatever the user
has done before.

 
Not true. ldap_pvt_tls_init_def_ctx() will not overwrite the context if it has already been initialized. If a user calls the sequence I outlined above before calling ldap_start_tls_s() then their customized context will be used. Since the library works this way, I see no reason to provide additional hooks to customize the global TLS context.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support