
Re: ITS#4422, #4475, TLS context

Howard Chu wrote:
I've been tweaking libldap/tls.c toward this goal, but I keep changing my mind about how it should really work. The main point is to push most of these settings into the ldapoptions struct, where they should have been all along. The other problem is that setting the various options has no immediate effect; it's only in the "init_def_ctx" function where they actually get used.

All of that was pretty ugly. Still looking for a cleaner way to handle this. Perhaps push the option values into the SSL_CTX immediately, and so eliminate the need for an init_def_ctx step. I.e., allocate the SSL_CTX the first time a TLS option is set, instead of deferring all the steps. (But then that would mean you have to be careful about the order in which you set some options.)

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/