On Tue, 12 Aug 2008, Howard Chu wrote:
> I've split all of the OpenSSL and GnuTLS-specific code into their own
> separate source files, to clean up some of the #ifdef mess that was in
> tls.c before. This approach actually allows support for both to be
> compiled in at the same time. I'll probably add an LDAP_OPT_X option to
> select which implementation to use at runtime. (It might make sense to
> make these dynamically loadable modules, but for now I don't want to
> make libldap dependent on ltdl/dlopen/whatever.)

Hah. I was going to be submitting an ITS/patch later this week to add an
ldap.conf option (TLS_MIN_PROTOCOL) and a slapd.conf option
(TLSProtocolMin) for disabling use of either just SSLv2 or both SSLv2 and
SSLv3. I guess I'll wait until your changes go in and redo it against the
new layout.
(My patch only adds this for OpenSSL)