[Date Prev][Date Next] [Chronological] [Thread] [Top]

Channel bindings

To: "OpenLDAP-devel@openldap.org" <OpenLDAP-devel@openldap.org>
Subject: Channel bindings
From: Howard Chu <hyc@symas.com>
Date: Mon, 21 Nov 2011 17:10:20 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0a1) Gecko/20111001 Firefox/10.0a1 SeaMonkey/2.7a1

Now that Cyrus SASL 2.1.25 is out with channel binding support, we should belooking into adding the hooks needed to use it. I believe what we want toexpose is an ldap_get_option(ld, LDAP_OPT_X_TLS_BINDING, &foo) to retrieve thetls-unique binding data from the underlying TLS session. Then we pass thisinto SASL using sasl_setprop(ctx, SASL_CHANNEL_BINDING, foo). The actualldap_get_option() code will have to be added for each TLS implementation.


It seems pretty straightforward, am I missing anything?
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Channel bindings
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: RE24 testing call (2.4.27 official call #2)
Next by Date: Re: Channel bindings
Index(es):
- Chronological
- Thread