[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Stop TLS Using OpenLDAP C Libraries

To: Jason Raneses <chasm@raneses.info>
Subject: Re: Stop TLS Using OpenLDAP C Libraries
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 08 Sep 2004 16:44:34 -0700
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <413F9010.30100@raneses.info>
References: <413F7266.6060506@raneses.info> <6.1.2.0.0.20040908154004.042d14f0@127.0.0.1> <413F9010.30100@raneses.info>

At 04:04 PM 9/8/2004, Jason Raneses wrote:
>In this particular application, the LDAP connections will be pooled, and not every thread using connenctions from the pool will need TLS.  Those that do should be able to get a connection from the pool, start TLS before pulling sensitive information from the directory, stop TLS, and then return the connection to the pool so it can be reused.  Without being able to stop TLS, I'd have to tear down the connection and put it back in the pool so other threads can use it in a known state. Or, as a workaround, separate pools could be created, but I'd rather not go that route.

Or just provide each TLS protection for each connection.  The
expense of stopping/starting TLS will, in all likelihood,
overshadow the expense of protecting non-sensitive information.

>Is there any particular technical reason stop TLS hasn't been implemented?

While there certainly would be some technical hurdles that
one would have to overcome in order to implement stop TLS,
I'd say that the stop TLS has not been implemented because
no developer has sufficient reason to do so.

Kurt

References:
- Stop TLS Using OpenLDAP C Libraries
  - From: Jason Raneses <chasm@raneses.info>
- Re: Stop TLS Using OpenLDAP C Libraries
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Stop TLS Using OpenLDAP C Libraries
  - From: Jason Raneses <chasm@raneses.info>

Prev by Date: Re: Stop TLS Using OpenLDAP C Libraries
Next by Date: Re: Address Matching Problem
Index(es):
- Chronological
- Thread