
From "Brad Nicholes" <BNICHO...@novell.com>
Subject [PATCH] apr_ldap_ssl_add_cert() - Allowing for multiple ldap server certificates
Date Tue, 14 Dec 2004 18:40:30 GMT
   This adds a new APR-UTIL API called apr_ldap_ssl_add_cert() to allow
the ldap client to store and use multiple certificates when connecting
to multiple ldap servers.  The most immediate need would be when
configuring mod_authnz_ldap with multiple redundant servers.  Since I
have only tested this with the Novell LDAP SDK, I would like to make
sure that I am not breaking the current apr_ldap_ssl_init()
functionality, especially for other LDAP SDKs, before I check it in.

Brad

Index: ldap/apr_ldap_init.c
===================================================================
--- ldap/apr_ldap_init.c	(revision 106958)
+++ ldap/apr_ldap_init.c	(working copy)
@@ -46,6 +46,49 @@
                                    int cert_file_type,
                                    apr_ldap_err_t **result_err) {
 
+    apr_ldap_err_t *result;
+
+    if (cert_auth_file) {
+        return apr_ldap_ssl_add_cert(pool, cert_auth_file,
cert_file_type, result_err);
+    }
+    else {
+        result = (apr_ldap_err_t *)apr_pcalloc(pool,
sizeof(apr_ldap_err_t));
+        *result_err = result;
+#if APR_HAS_LDAP_SSL /* compiled with ssl support */
+
+#if APR_HAS_NOVELL_LDAPSDK
+        result->rc = ldapssl_client_init(NULL, NULL);
+
+        if (LDAP_SUCCESS == result->rc) {
+            return APR_SUCCESS;
+        }
+        else {
+            result->msg = ldap_err2string(result-> rc);
+            result->reason = apr_pstrdup (pool, "LDAP: Could not
initialize SSL");
+            return APR_EGENERAL;
+        }
+#endif
+
+#else
+        result->reason = "LDAP: Attempt to initialize SSL failed. "
+                  "Not built with SSL support.";
+        result->rc = -1;
+        return APR_EGENERAL;
+#endif
+    }
+
+    /* if no cert_auth_file was passed, we assume SSL support
+     * is possible, as we have not been specifically told otherwise.
+     */
+    return APR_SUCCESS;
+
+} 
+
+APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
+                                   const char *cert_auth_file,
+                                   int cert_file_type,
+                                   apr_ldap_err_t **result_err) {
+
     apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool,
sizeof(apr_ldap_err_t));
     *result_err = result;
 
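Review bot: The Novell branch calls `ldapssl_client_init(NULL, NULL)` when no cert_auth_file is supplied, so SSL is initialized without naming any trusted certificate; what the SDK then uses to validate the server (a default store, nothing, or no verification at all) is not visible in this hunk and should be stated on that line, e.g. `/* no CA file given: server-cert trust comes from the SDK's default store or later apr_ldap_ssl_add_cert() calls -- confirm against the Novell SDK docs */`. The Novell error path wraps a string literal in apr_pstrdup() while the "Not built with SSL support" path assigns its literal directly; `result->reason = "LDAP: Could not initialize SSL";` keeps the two consistent and avoids a needless pool copy. The comment "if no cert_auth_file was passed, we assume SSL support is possible" now sits after the cert-less case has already been handled and is only reached for an SSL build with a non-Novell SDK, so it should say that instead. apr_ldap_ssl_init starts before this hunk and apr_ldap_ssl_add_cert's body continues past it, so whether add_cert still performs ldapssl_client_init itself (which would re-initialize the client on every additional certificate) cannot be confirmed from here.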
@@ -96,7 +139,7 @@
             result->reason = "LDAP: Invalid certificate type: "
                              "DER or BASE64 type required";
             result->rc = -1;
-        }
+        }        
 
 #elif APR_HAS_OPENLDAP_LDAPSDK
 
Index: include/apr_ldap_init.h
===================================================================
--- include/apr_ldap_init.h	(revision 106958)
+++ include/apr_ldap_init.h	(working copy)
@@ -34,6 +34,11 @@
                                    int cert_file_type,
                                    apr_ldap_err_t **result_err);
 
+APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
+                                   const char *cert_auth_file,
+                                   int cert_file_type,
+                                   apr_ldap_err_t **result_err);
+
 APU_DECLARE(int) apr_ldap_ssl_deinit(void);
 
 APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool,
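Review bot: The new apr_ldap_ssl_add_cert() declaration carries no API comment, and since its contract (one call per certificate, whether apr_ldap_ssl_init() must precede it, and who owns *result_err) is exactly what callers such as an authnz module need, it should be documented here. A suitable block above the declaration would be `/** Register an additional trusted server certificate for SSL LDAP connections; call once per certificate. @param cert_auth_file path to the certificate, @param cert_file_type DER or BASE64 (an invalid type is rejected), @param result_err receives an apr_ldap_err_t allocated from pool. @return presumably APR_SUCCESS or APR_EGENERAL like apr_ldap_ssl_init() -- confirm against the implementation */`. Whether this function may be called before apr_ldap_ssl_init() on the non-Novell SDKs is not visible from the header and should be stated once confirmed.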

