RE: Using TLS
- To: Daniel Le <daniel.le@exfo.com>, "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
- Subject: RE: Using TLS
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Fri, 07 Jul 2017 08:19:58 -0700
--On Friday, July 07, 2017 4:05 PM +0000 Daniel Le <daniel.le@exfo.com> wrote:

> Hi Quanah,
>
> I tried ldap_int_tls_config for RE24 in my app program as shown below and
> it didn't work.

Interesting. ;/ I wonder if there's something more in what you're doing
outside of that code snippet that's causing the context to be lost. It
clearly works with the code I've done (and in general with the client
libraries).

> Additionally, I'm curious why you use ldap_int_tls_config instead of
> ldap_set_option?

ldap_set_option can't take "never" as an argument to
LDAP_OPT_X_TLS_REQUIRE_CERT, but ldap_int_tls_config can. If I had used
ldap_set_option, I would have needed to do a ton of code duplication for
error checking. Similar for the LDAP_OPT_X_TLS_PROTOCOL_MIN and
LDAP_OPT_X_TLS_CRLCHECK options. Much better to do code re-use. ;)

--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>