[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS cleanup

To: Howard Chu <hyc@symas.com>
Subject: Re: TLS cleanup
From: Pierangelo Masarati <ando@sys-net.it>
Date: Sun, 25 Jan 2009 23:36:30 +0100
Cc: OpenLDAP Devel <openldap-devel@openldap.org>
In-reply-to: <497CE8C1.8010100@symas.com>
References: <497CE8C1.8010100@symas.com>
User-agent: Thunderbird 2.0.0.17 (X11/20081001)

Howard Chu wrote:

So, back to the question of libldap's TLS support... The alternate code in HEAD allows multiple TLS implementations to be used at once. The idea here was that a single libldap binary would be able to coexist with multiple apps even if they explicitly used different TLS libraries themselves. In practice I'm not sure that's so important, since probably few apps are aware enough to even make that choice. The other downside of this approach is that the meaning of SSL and SSL_CTX handles in libldap changed (they had to be wrapped so we could insert a tag identifying which implementation went with which handle).

One possibility here is to preserve the old TLS options for OpenSSL only, and make them fail on the other implementations, and introduce new TLS options just for manipulating the generic handles.

Another choice here is to keep the modular layout but still only support one implementation at a time, chosen at compile time. Then we don't need the identifying tag in each session and context handle.


I favor the second option.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------

References:
- TLS cleanup
  - From: Howard Chu <hyc@symas.com>

Prev by Date: TLS cleanup
Next by Date: Re: RE24 connection code reworking
Index(es):
- Chronological
- Thread