[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4726) ldap_pvt_tls_init not called when new CTX requested

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4726) ldap_pvt_tls_init not called when new CTX requested
From: hyc@symas.com
Date: Fri, 10 Nov 2006 00:27:30 GMT

Eric Covener wrote:
> On 11/9/06, Howard Chu <hyc@symas.com> wrote:
>> covener@gmail.com wrote:
>> > FWIW, Another SDK I'm working with exposes a once-per-process SSL
>> > initialization method, that would amount to ldap_pvt_tls_init();
>>
>> A fix for this is in HEAD, please test.
> 
> Now working for me on HEAD:
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, /CA.pem);
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/cert1.pem");
> ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYTFILE, "/cert1.key");
> 
> ld1 = ldap_init(h,p);
> ldap_set_option(ld1, LDAP_OPT_X_TLS_CERTFILE, "/cert2.pem");
> ldap_set_option(ld1, LDAP_OPT_X_TLS_KEYTFILE, "/cert2.key");
> ldap_set_option(ld1, LDAP_OPT_X_NEW_CTX, &(is_server));
> 
> ld2 = ldap_init(h,p);
> 
> and connections to ld1 and ld2 send the right client cert over the
> wire.  Hope this is a resonable API usage -- Much appreciated!
> 
Thanks for the confirmation.

The is_server flag only needs to be set non-zero if you are going to be 
accepting incoming TLS sessions with that context.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4726) ldap_pvt_tls_init not called when new CTX requested
Next by Date: (ITS#4742) parameter unique_attributes and unknown attribute types
Index(es):
- Chronological
- Thread