[Date Prev][Date Next]
Now that Cyrus SASL 2.1.25 is out with channel binding support, we should be
looking into adding the hooks needed to use it. I believe what we want to
expose is an ldap_get_option(ld, LDAP_OPT_X_TLS_BINDING, &foo) to retrieve the
tls-unique binding data from the underlying TLS session. Then we pass this
into SASL using sasl_setprop(ctx, SASL_CHANNEL_BINDING, foo). The actual
ldap_get_option() code will have to be added for each TLS implementation.
It seems pretty straightforward, am I missing anything?
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/