apr-dev mailing list archives

From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: LDAP changes in apr-util 1.0.x
Date Thu, 06 Jan 2005 16:35:40 GMT
>It was easy to abstract apr_ldap_init() to support STARTTLS, it's not as
>easy to abstract it to support client certificates.
>
>How are client certificates specified within the Novell toolkit?

With the APIs ldapssl_set_client_cert() and ldapssl_set_client_private_key().


Brad


>>> "Graham Leggett" <minfrin@sharp.fm> Thursday, January 06, 2005 1:11 AM >>>
Brad Nicholes said:

>    The problem is that other SDKs such as Novell, do not use
> ldap_set_option() to set the certificates or the SSL mode.  Novell uses
> ldapssl_add_trusted_cert() and ldapssl_start_tls().  As it stands the
> apr_ldap_add_cert() function allows you to add as many certificates as
> you like doing the correct thing for all SDKs under the covers.
> apr_ldap_init() is doing the right thing as far as starting SSL, TLS or
> clear ldap connection regardless of the SDK.  Using
> apr_ldap_set_option() to set certificates or SSL modes would be SDK
> specific.  It has to be abstracted by APR.

That was exactly the point - it would be abstracted by APR. I think the
concern seems to be that the API is getting messy, which is exactly the
thing we're trying to move away from.

It was easy to abstract apr_ldap_init() to support STARTTLS, it's not as
easy to abstract it to support client certificates.

How are client certificates specified within the Novell toolkit?

Regards,
Graham
--

