
Hard TLS with user specified SSL_CTX


I am trying to open a hard TLS LDAP session with a non-default SSL_CTX.
Basically, my program needs to support multiple SSL_CTX and I cannot use
the default SSL_CTX. I tried the following code:


int    x = LDAP_OPT_X_TLS_HARD;
localRet = ldap_set_option(m_ldap, LDAP_OPT_X_TLS, &x);

SSL_CTX    *sslCtx;

sslCtx = ::SSL_CTX_new(SSLv23_method());

// Code to set the CA cert, client cert and keys etc. on the SSL_CTX
// Code to set the SSL callback functions.

localRet = ldap_set_option(m_ldap, LDAP_OPT_X_TLS_CTX, sslCtx);

But the above ldap_set_option gives a SEGFAULT.  I checked the tls.c code
and found the crash happened in

        case LDAP_OPT_X_TLS_CTX:
                if ( ld == NULL ) {
                        tls_def_ctx = (SSL_CTX *) arg;

                } else {
                        ld->ld_defconn->lconn_tls_ctx = arg;
                }
                return 0;

The ld->ld_defconn pointer is not allocated with memory yet.  Is there any
OpenLDAP API that I need to (or can) call so that it will allocate the memory for