
RE: Using TLS



Hi Quanah,

I tried ldap_int_tls_config for RE24 in my app program as shown below and it didn't work.

Additionally, I'm curious why you use ldap_int_tls_config instead of ldap_set_option?

    lrc = ldap_int_tls_config(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, "never");
    if (lrc != LDAP_OPT_SUCCESS) {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls certificate option failed: %s\n", ldap_err2string(lrc));
        goto end;
    } else {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls option %d\n", LDAP_OPT_X_TLS_NEVER);
        new_ctx = 0;
        lrc = ldap_set_option(m_tLDAP, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
        if (lrc != LDAP_OPT_SUCCESS) {
            bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls newctx option failed: %s\n", ldap_err2string(lrc));
            goto end;
        } else {
            bxlog (TRACE_LVL, g_eldap_log_id, "LDAP global context reinitialized\n");
        }
    }

Daniel

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com] 
Sent: Monday, June 26, 2017 12:36 PM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS

--On Monday, June 26, 2017 4:59 PM +0000 Daniel Le <daniel.le@exfo.com> wrote:

> int opt;
> opt = LDAP_OPT_X_TLS_NEVER;
> ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
>
> -And-
>
> int new_ctx = 0;
> ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);

Hi Daniel,

This case is specifically tested in my TLS test suite in test067.  It works correctly, as expected.  I would note that I use ldap_int_tls_config (RE24)/ldap_pvt_tls_config (2.5/master) for setting LDAP_OPT_X_TLS_REQUIRE_CERT rather than ldap_set_option.

--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>