[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4726) ldap_pvt_tls_init not called when new CTX requested

Eric Covener wrote:
> On 11/9/06, Howard Chu <hyc@symas.com> wrote:
>> covener@gmail.com wrote:
>> > FWIW, Another SDK I'm working with exposes a once-per-process SSL
>> > initialization method, that would amount to ldap_pvt_tls_init();
>> A fix for this is in HEAD, please test.
> Now working for me on HEAD:
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, /CA.pem);
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/cert1.pem");
> ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYTFILE, "/cert1.key");
> ld1 = ldap_init(h,p);
> ldap_set_option(ld1, LDAP_OPT_X_TLS_CERTFILE, "/cert2.pem");
> ldap_set_option(ld1, LDAP_OPT_X_TLS_KEYTFILE, "/cert2.key");
> ldap_set_option(ld1, LDAP_OPT_X_NEW_CTX, &(is_server));
> ld2 = ldap_init(h,p);
> and connections to ld1 and ld2 send the right client cert over the
> wire.  Hope this is a resonable API usage -- Much appreciated!
Thanks for the confirmation.

The is_server flag only needs to be set non-zero if you are going to be 
accepting incoming TLS sessions with that context.

   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/