[Date Prev][Date Next]
Re: StartTLS URL extension
On Mon, 6 Oct 2008, Michael Ströder wrote:
> It's slightly different: From my understanding up to now
> ldap_initialize() itself did not send out a LDAP PDU. So the error
> handling of applications might not be prepared for ldap_initialize()
> causing a real error. This is an incompatible API change.
Ah, I think we're picturing slightly different proposals. I'm picturing
it operating similar to how ldaps:// URIs work currently, where TLS is
negotiated automatically when the connection is actually opened. My
comment about the working being done in ldap_initialize() instead of the
client app was more about the recognizing of the extension in the URI and
marking that URI as needing TLS. I agree that ldap_initialize() should
behave as it currently does, setting up the handle but not opening any
Hmm, StartTLS implies/requires protocol version 3. It seems unfortunate
that ldap_initialize() wasn't made to default to version 3. Lacking a
change to that, what should happen if you use one of these URIs without
setting the version to 3?
a) error, because you're insane for not setting it already
b) ignore, because things shouldn't just break
c) automatically change version, because confusing people is fun.