[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Using TLS

To: Daniel Le <daniel.le@exfo.com>, "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
Subject: RE: Using TLS
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 07 Jul 2017 08:19:58 -0700
Content-disposition: inline
In-reply-to: <WM!f3449e5b6de6bb922c2c6b8090df181ebc64aad797d7e3cfbfa06facac3d2a4a4201591257ece41371d60b4d6d7040ac!@mailstronghold-2.zmailcloud.com>
References: <BC204A77E2E9CD4A85A8F600C7F0BA848C1260D2@SPQCMBX02.exfo.com> <20170619021301.pctqj7egmqbg33oq@t500.tetrardus.net> <BC204A77E2E9CD4A85A8F600C7F0BA848C128B6C@SPQCMBX02.exfo.com> <BC204A77E2E9CD4A85A8F600C7F0BA848C12B2E6@SPQCMBX02.exfo.com> <WM!4b2f99c61a1f17344b2f78c4ad0a5975698ba977066cdddadb1c228c0759bde05ca95e73470db3b45f2479a0d79a9664!@mailstronghold-2.zmailcloud.com> <2BEE9DDEB748E3FA5964543A@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C12B339@SPQCMBX02.exfo.com> <WM!5a16821900b8e192e19606b3f85b95d9079789d5369be265453d7d9dc053cfc23fd1e2bbe80737f17623a816580c4add!@mailstronghold-3.zmailcloud.com> <3F19B79EBB01CFDE1A4853CA@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C12B34F@SPQCMBX02.exfo.com> <WM!7279bd12dc6c4d62277715ba877ba7023b193cdd2493e54c7ea99f3b227eafff7e242ecf6568044b6c31be496cc57808!@mailstronghold-1.zmailcloud.com> <FD9368DAC419F60777EC3A78@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C12C7F2@SPQCMBX02.exfo.com> <WM!d4b9dde1cd6de8f7fff842255c60d19e37e6173d7ce7a1eb9581caa3b1a446655700e5c12d7bc4a64e9fa2b643adda58!@mailstronghold-3.zmailcloud.com> <B1D7EC61B414AD2182C4ECC3@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C135A71@SPQCMBX02.exfo.com> <WM!f3449e5b6de6bb922c2c6b8090df181ebc64aad797d7e3cfbfa06facac3d2a4a4201591257ece41371d60b4d6d7040ac!@mailstronghold-2.zmailcloud.com>

--On Friday, July 07, 2017 4:05 PM +0000 Daniel Le <daniel.le@exfo.com>wrote:

Hi Quanah,

I tried ldap_int_tls_config for RE24 in my app program as shown below and
it didn't work.

Interesting. ;/ I wonder if there's something more in what you're doingoutside of that code snippet that's causing the context to be lost. Itclearly works with the code I've done (and in general with the clientlibraries).

Additionally, I'm curious why you use ldap_int_tls_config instead of
ldap_set_option?

ldap_set_option can't take "never" as an argument toLDAP_OPT_X_TLS_REQUIRE_CERT, but ldap_int_tls_config can. If I had usedldap_set_option, I would have needed to do a ton of code duplication forerror checking. Similar for the LDAP_OPT_X_TLS_PROTOCOL_MIN andLDAP_OPT_X_TLS_CRLCHECK options. Much better to do code re-use. ;)


--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- RE: Using TLS
  - From: Daniel Le <daniel.le@exfo.com>

References:
- RE: Using TLS
  - From: Daniel Le <daniel.le@exfo.com>

Prev by Date: Re: [Bad Attachment] Slave won't send referrals
Next by Date: RE: [EXTERNAL] Re: [Bad Attachment] Slave won't send referrals
Index(es):
- Chronological
- Thread