[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Using TLS

To: 'Quanah Gibson-Mount' <quanah@symas.com>, "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
Subject: RE: Using TLS
From: Daniel Le <daniel.le@exfo.com>
Date: Fri, 7 Jul 2017 15:29:28 +0000
Accept-language: en-US
Content-language: en-US
In-reply-to: <17F44F2C511AA241C25825BE@[192.168.1.30]>
References: <BC204A77E2E9CD4A85A8F600C7F0BA848C1260D2@SPQCMBX02.exfo.com> <20170619021301.pctqj7egmqbg33oq@t500.tetrardus.net> <BC204A77E2E9CD4A85A8F600C7F0BA848C128B6C@SPQCMBX02.exfo.com> <BC204A77E2E9CD4A85A8F600C7F0BA848C12B2E6@SPQCMBX02.exfo.com> <WM!4b2f99c61a1f17344b2f78c4ad0a5975698ba977066cdddadb1c228c0759bde05ca95e73470db3b45f2479a0d79a9664!@mailstronghold-2.zmailcloud.com> <2BEE9DDEB748E3FA5964543A@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C12B339@SPQCMBX02.exfo.com> <WM!5a16821900b8e192e19606b3f85b95d9079789d5369be265453d7d9dc053cfc23fd1e2bbe80737f17623a816580c4add!@mailstronghold-3.zmailcloud.com> <3F19B79EBB01CFDE1A4853CA@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C12B34F@SPQCMBX02.exfo.com> <WM!7279bd12dc6c4d62277715ba877ba7023b193cdd2493e54c7ea99f3b227eafff7e242ecf6568044b6c31be496cc57808!@mailstronghold-1.zmailcloud.com> <FD9368DAC419F60777EC3A78@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C12C7F2@SPQCMBX02.exfo.com> <WM!d4b9dde1cd6de8f7fff842255c60d19e37e6173d7ce7a1eb9581caa3b1a446655700e5c12d7bc4a64e9fa2b643adda58!@mailstronghold-3.zmailcloud.com> <B1D7EC61B414AD2182C4ECC3@[192.168.1.30]> <BC204A77E2E9CD4A85A8F600C7F0BA848C135A71@SPQCMBX02.exfo.com> <WM!f3449e5b6de6bb922c2c6b8090df181ebc64aad797d7e3cfbfa06facac3d2a4a4201591257ece41371d60b4d6d7040ac!@mailstronghold-2.zmailcloud.com> <17F44F2C511AA241C25825BE@[192.168.1.30]>
Thread-index: AdLmtCFfOhBINSmnQBOu0gkfm+lV3wCDvk+AABx1aJAAygY3YAAA22W+AACiO9AAAKI4/gAAfdTAAADu8A0AilcCAAABb7d4AiW763AAAM9MAwAAEPkQ
Thread-topic: Using TLS

Right, ldap_set_option doesn't take string input argument. I implied an integer value such as LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_ALLOW, etc.

I have no doubt it works nicely in your case. Just trying to understand why it doesn't on my side.

Daniel

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com] 
Sent: Friday, July 07, 2017 11:20 AM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS

--On Friday, July 07, 2017 4:05 PM +0000 Daniel Le <daniel.le@exfo.com>
wrote:

> Hi Quanah,
>
> I tried ldap_int_tls_config for RE24 in my app program as shown below 
> and it didn't work.

Interesting. ;/  I wonder if there's something more in what you're doing outside of that code snippet that's causing the context to be lost.  It clearly works with the code I've done (and in general with the client libraries).

> Additionally, I'm curious why you use ldap_int_tls_config instead of 
> ldap_set_option?

ldap_set_option can't take "never" as an argument to LDAP_OPT_X_TLS_REQUIRE_CERT, but ldap_int_tls_config can.  If I had used ldap_set_option, I would have needed to do a ton of code duplication for error checking.  Similar for the LDAP_OPT_X_TLS_PROTOCOL_MIN and LDAP_OPT_X_TLS_CRLCHECK options.  Much better to do code re-use. ;)

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- RE: Using TLS
  - From: Daniel Le <daniel.le@exfo.com>
- RE: Using TLS
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: RE: [EXTERNAL] Re: [Bad Attachment] Slave won't send referrals
Next by Date: RE: [EXTERNAL] Re: [Bad Attachment] Slave won't send referrals
Index(es):
- Chronological
- Thread