[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP_OPT_X_TLS_xxx option in SSL/TLS connection

Qiang Xu wrote:
Guess what? Just picked up a pearl in the sea of internet:

Basically, it seems to be a feature introduced since the beginning of openldap
2.4 version. We need to set LDAP_OPT_X_TLS_REQUIRE_CERT on an ldap handle
(already initialized), and set LDAP_OPT_X_TLS_NEWCTX (with a value 0) thereafter:

         rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert);
         assert(rc == LDAP_OPT_SUCCESS);

         rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server); //
am_server is 1, only if the code is compiled for server
         assert(rc == LDAP_OPT_SUCCESS);

Now the option works as per connection, rather than as per process.

Could someone of the OpenLDAP core developers please confirm this?
Especially whether LDAP_OPT_X_TLS_NEWCTX is set to LDAP_OPT_OFF for "clients"?

Ciao, Michael.