apr-dev mailing list archives

From "Graham Leggett" <minf...@sharp.fm>
Subject Re: LDAP changes in apr-util 1.0.x
Date Thu, 06 Jan 2005 08:11:17 GMT
Brad Nicholes said:

>    The problem is that other SDKs, such as Novell, do not use
> ldap_set_option() to set the certificates or the SSL mode.  Novell uses
> ldapssl_add_trusted_cert() and ldapssl_start_tls().  As it stands the
> apr_ldap_add_cert() function allows you to add as many certificates as
> you like doing the correct thing for all SDKs under the covers.
> apr_ldap_init() is doing the right thing as far as starting SSL, TLS or
> clear ldap connection regardless of the SDK.  Using
> apr_ldap_set_option() to set certificates or SSL modes would be SDK
> specific.  It has to be abstracted by APR.

That was exactly the point - it would be abstracted by APR. I think the
concern seems to be that the API is getting messy, which is exactly the
thing we're trying to move away from.

It was easy to abstract apr_ldap_init() to support STARTTLS; it's not as
easy to abstract it to support client certificates.

How are client certificates specified within the Novell toolkit?

Regards,
Graham
--

