RE: Using TLS
- To: 'Quanah Gibson-Mount' <quanah@symas.com>, "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
- Subject: RE: Using TLS
- From: Daniel Le <daniel.le@exfo.com>
- Date: Fri, 7 Jul 2017 15:05:06 +0000
Hi Quanah,
I tried ldap_int_tls_config for RE24 in my app program as shown below and it didn't work.
Additionally, I'm curious why you use ldap_int_tls_config instead of ldap_set_option?
    lrc = ldap_int_tls_config(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, "never");
    if (lrc != LDAP_OPT_SUCCESS) {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls certificate option failed: %s\n", ldap_err2string(lrc));
        goto end;
    } else {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls option %d\n", LDAP_OPT_X_TLS_NEVER);
        new_ctx = 0;
        lrc = ldap_set_option(m_tLDAP, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
        if (lrc != LDAP_OPT_SUCCESS) {
            bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls newctx option failed: %s\n", ldap_err2string(lrc));
            goto end;
        } else {
            bxlog (TRACE_LVL, g_eldap_log_id, "LDAP global context reinitialized\n");
        }
    }
Daniel
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Monday, June 26, 2017 12:36 PM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS
--On Monday, June 26, 2017 4:59 PM +0000 Daniel Le <daniel.le@exfo.com> wrote:
> int opt;
> opt = LDAP_OPT_X_TLS_NEVER;
> ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
>
> -And-
>
> int new_ctx = 0;
> ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
Hi Daniel,
This case is specifically tested in my TLS test suite in test067. It works correctly, as expected. I would note that I use ldap_int_tls_config (RE24)/ldap_pvt_tls_config (2.5/master) for setting LDAP_OPT_X_TLS_REQUIRE_CERT rather than ldap_set_option.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>