[Date Prev][Date Next] [Chronological] [Thread] [Top]

Channel bindings

Now that Cyrus SASL 2.1.25 is out with channel binding support, we should be looking into adding the hooks needed to use it. I believe what we want to expose is an ldap_get_option(ld, LDAP_OPT_X_TLS_BINDING, &foo) to retrieve the tls-unique binding data from the underlying TLS session. Then we pass this into SASL using sasl_setprop(ctx, SASL_CHANNEL_BINDING, foo). The actual ldap_get_option() code will have to be added for each TLS implementation.

It seems pretty straightforward, am I missing anything?
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/