Re: ITS#4422, #4475, TLS context
Howard Chu wrote:
I've been tweaking libldap/tls.c toward this goal, but I keep changing
my mind about how it should really work. The main point is to push
most of these settings into the ldapoptions struct, where they should
have been all along. The other problem is that setting the various
options has no immediate effect; it's only in the "init_def_ctx"
function where they actually get used.
All of that was pretty ugly. Still looking for a cleaner way to handle
this. Perhaps push the option values into the SSL_CTX immediately, and
so eliminate the need for an init_def_ctx step. I.e., allocate the
SSL_CTX the first time a TLS option is set, instead of deferring all the
steps. (But then that would mean you have to be careful about the order
in which you set some options.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/