From: Howard Chu [mailto:firstname.lastname@example.org]
Sent: Thursday, October 16, 2003 6:29 PM
To: Kumar, Prashant [BL60:437:EXCH]; 'Kurt D. Zeilenga'
Subject: RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)

-----Original Message-----
From: owner-openldap-devel@OpenLDAP.org [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Prashant Kumar
Sent: Wednesday, October 15, 2003 6:19 AM
To: Howard Chu; 'Kurt D. Zeilenga'
Subject: RE: Flexibility to use customized "verify_callback" while using OpenLdap with TLS (ITS#2767)
I don't think doing:
ldap_get_option(NULL, TLS_CTX, &ctx);
will give the user enough flexibility to do whatever he wants
unless we fix ldap_start_tls_s because this is the execution
sequence of ldap_start_tls_s:
->ldap_pvt_tls_init_def_ctx () which will overwrite whatever the user
has done before.

Not true. ldap_pvt_tls_init_def_ctx() will not overwrite the context if it has already been initialized. If a user calls the sequence I outlined above before calling ldap_start_tls_s() then their customized context will be used. Since the library works this way, I see no reason to provide additional hooks to customize the global TLS context.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support