apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r124493 - /apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c
Date Fri, 07 Jan 2005 12:58:16 GMT
Author: minfrin
Date: Fri Jan  7 04:58:15 2005
New Revision: 124493

URL: http://svn.apache.org/viewcvs?view=rev&rev=124493
Log:
Remove the apr_ldap_ssl_add_client_cert() from APR v1.0 (new APIs are not
to be added between point releases. Clarify the behaviour of apr_ldap_ssl_init()
if it is called multiple times.

Modified:
   apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c

Modified: apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c?view=diff&rev=124493&p1=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r1=124492&p2=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r2=124493
==============================================================================
--- apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c	(original)
+++ apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c	Fri Jan  7 04:58:15 2005
@@ -32,9 +32,26 @@
 /**
  * APR LDAP SSL Initialise function
  *
- * This function sets up any SSL certificate parameters as
- * required by the application. It should be called once on
- * system initialisation.
+ * This function initialises SSL on the underlying LDAP toolkit
+ * if this is necessary.
+ *
+ * Multiple CA certificates can be specified by calling this function
+ * more than once. If no CA certtificates are to be specified (for
+ * example on systems where certs are stored in a registry store)
+ * this function must be called at least once with a cert_auth_file
+ * of NULL.
+ *
+ * The best practice is to perform the NULL call exactly once, followed
+ * by the certificate specification as many times as is necessary.
+ *
+ * apr_ldap_ssl_init(p, NULL, 0, result)
+ * apr_ldap_ssl_init(p, cert1, cert1_type, result)
+ * apr_ldap_ssl_init(p, cert2, cert2_type, result)
+ *
+ * The legacy behaviour of specifying the certificate once is still
+ * supported:
+ *
+ * apr_ldap_ssl_init(p, cert, cert_type, result)
  *
  * If SSL support is not available on this platform, or a problem
  * was encountered while trying to set the certificate, the function
@@ -46,75 +63,14 @@
                                    int cert_file_type,
                                    apr_ldap_err_t **result_err) {
 
-    apr_ldap_err_t *result;
-
-    if (cert_auth_file) {
-        return apr_ldap_ssl_add_cert(pool,
-                                     cert_auth_file,
-                                     cert_file_type,
-                                     result_err);
-    }
-    else {
-        result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
-        *result_err = result;
-#if APR_HAS_LDAP_SSL /* compiled with ssl support */
-
-        /* Novell needs special initialisation */
-#if APR_HAS_NOVELL_LDAPSDK
-#if APR_HAS_LDAPSSL_CLIENT_INIT
-        result->rc = ldapssl_client_init(NULL, NULL);
-
-        if (LDAP_SUCCESS == result->rc) {
-            return APR_SUCCESS;
-        }
-        else {
-            result->msg = ldap_err2string(result-> rc);
-            result->reason = apr_pstrdup (pool, "LDAP: Could not "
-                                                "initialize SSL");
-            return APR_EGENERAL;
-        }
-#else
-        result->reason = "LDAP: ldapssl_client_init() function not "
-                         "supported by this Novell SDK. SSL not "
-                         "initialised";
-        result->rc = -1;
-#endif
-#endif
-
-#endif
-    }
-
-    /* if no cert_auth_file was passed, we assume SSL support
-     * is possible, as we have not been specifically told otherwise.
-     */
-    return APR_SUCCESS;
-
-} 
-
-
-/**
- * APR LDAP SSL add client certificate function.
- *
- * This function sets up an optional client certificate to be used
- * when connecting to the remote LDAP server.
- * If SSL support is not available on this platform, or a problem
- * was encountered while trying to set the certificate, the function
- * will return APR_EGENERAL. Further LDAP specific error information
- * can be found in result_err.
- */
-APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
-                                       const char *cert_auth_file,
-                                       int cert_file_type,
-                                       apr_ldap_err_t **result_err) {
-
     apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
     *result_err = result;
 
-    if (cert_auth_file) {
 #if APR_HAS_LDAP_SSL /* compiled with ssl support */
 
-        /* Netscape SDK */
+    /* Netscape SDK */
 #if APR_HAS_NETSCAPE_LDAPSK
+    if (cert_auth_file) {
 #if APR_HAS_LDAP_SSL_CLIENT_INIT
         /* Netscape sdk only supports a cert7.db file 
          */
@@ -132,34 +88,43 @@
                          "authority file not set";
         result->rc = -1;
 #endif
+    }
 #endif
-        /* Novell SDK */
+
+    /* Novell SDK */
 #if APR_HAS_NOVELL_LDAPSDK
 #if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT
+    /* Novell's library needs to be inititalised first */
+    result->rc = ldapssl_client_init(NULL, NULL);
+    if (LDAP_SUCCESS != result->rc) {
+            result->msg = ldap_err2string(result-> rc);
+            result->reason = apr_pstrdup (pool, "LDAP: Could not "
+                                                "initialize SSL");
+    }
+
+    /* set one or more certificates */
+    else if (cert_auth_file) {
         /* Novell SDK supports DER or BASE64 files
          */
         if (cert_file_type == APR_LDAP_CA_TYPE_DER  ||
             cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) {
 
-            result->rc = ldapssl_client_init(NULL, NULL);
-            if (LDAP_SUCCESS == result->rc) {
-                if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
-                    result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, 
-                                              LDAPSSL_CERT_FILETYPE_B64);
-                }
-                else {
-                    result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, 
-                                              LDAPSSL_CERT_FILETYPE_DER);
-                }
-
-                if (LDAP_SUCCESS != result->rc) {
-                    ldapssl_client_deinit();
-                    result->reason = apr_psprintf(pool, 
-                                                  "LDAP: Invalid certificate "
-                                                  "or path: Could not add "
-                                                  "trusted cert %s", 
-                                                  cert_auth_file);
-                }
+            if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
+                result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, 
+                                          LDAPSSL_CERT_FILETYPE_B64);
+            }
+            else {
+                result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, 
+                                          LDAPSSL_CERT_FILETYPE_DER);
+            }
+
+            if (LDAP_SUCCESS != result->rc) {
+                ldapssl_client_deinit();
+                result->reason = apr_psprintf(pool, 
+                                              "LDAP: Invalid certificate "
+                                              "or path: Could not add "
+                                              "trusted cert %s", 
+                                              cert_auth_file);
             }
         }
         else {
@@ -167,18 +132,20 @@
                              "DER or BASE64 type required";
             result->rc = -1;
         }
+    }
 #else
-        result->reason = "LDAP: ldapssl_client_init(), "
-                         "ldapssl_add_trusted_cert() or "
-                         "ldapssl_client_deinit() functions not supported "
-                         "by this Novell SDK. Certificate authority file "
-                         "not set";
-        result->rc = -1;
+    result->reason = "LDAP: ldapssl_client_init(), "
+                     "ldapssl_add_trusted_cert() or "
+                     "ldapssl_client_deinit() functions not supported "
+                     "by this Novell SDK. Certificate authority file "
+                     "not set";
+    result->rc = -1;
 #endif
 #endif
 
-        /* openldap SDK */
+    /* openldap SDK */
 #if APR_HAS_OPENLDAP_LDAPSDK
+    if (cert_auth_file) {
 #ifdef LDAP_OPT_X_TLS_CACERTFILE
         /* OpenLDAP SDK supports BASE64 files
          */
@@ -198,54 +165,54 @@
                          "authority file not set";
         result->rc = -1;
 #endif
+    }
 #endif
 
-        /* microsoft SDK */
+    /* microsoft SDK */
 #if APR_HAS_MICROSOFT_LDAPSDK
-        /* Microsoft SDK use the registry certificate store - always
-         * assume support is always available
-         */
-        result->rc = LDAP_SUCCESS;
+    /* Microsoft SDK use the registry certificate store - always
+     * assume support is always available
+     */
+    result->rc = LDAP_SUCCESS;
 #endif
 
-        /* Sun SDK */
+    /* Sun SDK */
 #if APR_HAS_SOLARIS_LDAPSDK
+    if (cert_auth_file) {
         result->reason = "LDAP: Attempt to set certificate store failed. "
                          "APR does not yet know how to set a certificate "
                          "store on the Sun toolkit";
         result->rc = -1;
+    }
 #endif
 
-        /* SDK not recognised */
+    /* SDK not recognised */
 #if APR_HAS_OTHER_LDAPSDK
+    if (cert_auth_file) {
         /* unknown toolkit type, assume no support available */
         result->reason = "LDAP: Attempt to set certificate store failed. "
                          "Toolkit type not recognised by APR as supporting "
                          "SSL";
         result->rc = -1;
+    }
 #endif
 
 #else  /* not compiled with SSL Support */
+    if (cert_auth_file) {
         result->reason = "LDAP: Attempt to set certificate store failed. "
                          "Not built with SSL support";
         result->rc = -1;
+    }
 #endif /* APR_HAS_LDAP_SSL */
 
-        if (result->rc != -1) {
-            result->msg = ldap_err2string(result-> rc);
-        }
+    if (result->rc != -1) {
+        result->msg = ldap_err2string(result-> rc);
+    }
 
-        if (LDAP_SUCCESS == result->rc) {
-            return APR_SUCCESS;
-        }
-        else {
-            return APR_EGENERAL;
-        }
+    if (LDAP_SUCCESS != result->rc) {
+        return APR_EGENERAL;
     }
 
-    /* if no cert_auth_file was passed, we assume SSL support
-     * is possible, as we have not been specifically told otherwise.
-     */
     return APR_SUCCESS;
 
 } 

Mime
View raw message