apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r125506 - /apr/apr-util/trunk/include/apr_ldap_option.h /apr/apr-util/trunk/ldap/apr_ldap_option.c
Date Tue, 18 Jan 2005 13:49:11 GMT
Author: minfrin
Date: Tue Jan 18 05:49:09 2005
New Revision: 125506

URL: http://svn.apache.org/viewcvs?view=rev&rev=125506
Log:
Add support for Netscape client certificates.

Modified:
   apr/apr-util/trunk/include/apr_ldap_option.h
   apr/apr-util/trunk/ldap/apr_ldap_option.c

Modified: apr/apr-util/trunk/include/apr_ldap_option.h
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/include/apr_ldap_option.h?view=diff&rev=125506&p1=apr/apr-util/trunk/include/apr_ldap_option.h&r1=125505&p2=apr/apr-util/trunk/include/apr_ldap_option.h&r2=125506
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_option.h	(original)
+++ apr/apr-util/trunk/include/apr_ldap_option.h	Tue Jan 18 05:49:09 2005
@@ -89,18 +89,19 @@
  * May have one or more client certificates set per connection with a type of
  * APR_LDAP_CERT*, and keys with APR_LDAP_KEY*.
  */
-#define APR_LDAP_CA_TYPE_UNKNOWN  0
-#define APR_LDAP_CA_TYPE_DER      1
-#define APR_LDAP_CA_TYPE_BASE64   2
-#define APR_LDAP_CA_TYPE_CERT7_DB 3
-#define APR_LDAP_CA_TYPE_SECMOD 4
-#define APR_LDAP_CERT_TYPE_UNKNOWN 5
-#define APR_LDAP_CERT_TYPE_DER 6
-#define APR_LDAP_CERT_TYPE_BASE64 7
-#define APR_LDAP_CERT_TYPE_KEY3_DB 8
-#define APR_LDAP_KEY_TYPE_UNKNOWN 9
-#define APR_LDAP_KEY_TYPE_DER 10
-#define APR_LDAP_KEY_TYPE_BASE64 11
+#define APR_LDAP_CA_TYPE_UNKNOWN    0
+#define APR_LDAP_CA_TYPE_DER        1
+#define APR_LDAP_CA_TYPE_BASE64     2
+#define APR_LDAP_CA_TYPE_CERT7_DB   3
+#define APR_LDAP_CA_TYPE_SECMOD     4
+#define APR_LDAP_CERT_TYPE_UNKNOWN  5
+#define APR_LDAP_CERT_TYPE_DER      6
+#define APR_LDAP_CERT_TYPE_BASE64   7
+#define APR_LDAP_CERT_TYPE_KEY3_DB  8
+#define APR_LDAP_CERT_TYPE_NICKNAME 9
+#define APR_LDAP_KEY_TYPE_UNKNOWN   10
+#define APR_LDAP_KEY_TYPE_DER       11
+#define APR_LDAP_KEY_TYPE_BASE64    12
 
 typedef struct apr_ldap_opt_tls_cert_t apr_ldap_opt_tls_cert_t;
 struct apr_ldap_opt_tls_cert_t {

Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?view=diff&rev=125506&p1=apr/apr-util/trunk/ldap/apr_ldap_option.c&r1=125505&p2=apr/apr-util/trunk/ldap/apr_ldap_option.c&r2=125506
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c	(original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c	Tue Jan 18 05:49:09 2005
@@ -308,6 +308,7 @@
 
 #if APR_HAS_NETSCAPE_LDAPSDK
 #if APR_HAS_LDAP_SSL_CLIENT_INIT
+    const char *nickname = NULL;
     const char *secmod = NULL;
     const char *key3db = NULL;
     const char *cert7db = NULL;
@@ -324,6 +325,9 @@
         case APR_LDAP_CERT_TYPE_KEY3_DB:
             key3db = cert->path;
             break;
+        case APR_LDAP_CERT_TYPE_NICKNAME:
+            nickname = cert->path;
+            break;
         default:
             result->rc = -1;
             result->reason = "LDAP: The Netscape/Mozilla LDAP SDK only "
@@ -339,7 +343,17 @@
 
     /* actually set the certificate parameters */
     if (result->rc == LDAP_SUCCESS) {
-        if (secmod) {
+        if (nickname) {
+            result->rc = ldapssl_enable_clientauth(ldap, "",
+                                                   cert->password,
+                                                   nickname);
+            if (result->rc != LDAP_SUCCESS) {
+                result->reason = "LDAP: could not set client certificate: "
+                                 "ldapssl_enable_clientauth() failed.";
+                result->msg = ldap_err2string(result->rc);
+            }
+        }
+        else if (secmod) {
             result->rc = ldapssl_advclientauth_init(cert7db, NULL,
                                                     key3db ? 1 : 0, key3db, NULL,
                                                     1, secmod, LDAPSSL_AUTH_CNCHECK);

Mime
View raw message