Date: Mon, 10 Jan 2005 13:23:58 -0700
From: "Brad Nicholes"
Subject: Re: svn commit: r124821 - /apr/apr-util/trunk/ldap/apr_ldap_init.c

I would suggest that all of the SDKs call ldapssl_init() rather than ldap_init(). At least according to the Novell documentation, calling ldapssl_init(,,0) is equivalent to calling ldap_init() and you won't have problems like you would if another ldap call is made between the calls to ldap_init() and ldapssl_install_routines(). It also appears that start_tls() doesn't work, at least on the Novell SDK, if ldap_init()->ldapssl_install_routines() is called instead of ldapssl_init().

Brad

>>> bnicholes@apache.org Monday, January 10, 2005 11:59:34 AM >>>
Author: bnicholes
Date: Mon Jan 10 10:59:32 2005
New Revision: 124821

URL: http://svn.apache.org/viewcvs?view=rev&rev=124821
Log:
-Since the apr_ldap_opt_tls_cert_t* structure can be used as a linked list, make sure that it is initialized to NULL before passing it into apr_ldap_set_option(). Otherwise the code will try to follow garbage links.
-Use the correct APR_LDAP_OPT_TLS_CERT #define when calling apr_ldap_set_option() to add a certificate.
-For the Novell LDAP SDK, always initialize the connection with the ldapssl_init() function. Suggest that all SDKs do the same.

Modified:
   apr/apr-util/trunk/ldap/apr_ldap_init.c

Modified: apr/apr-util/trunk/ldap/apr_ldap_init.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_init.c?view=diff&rev=124821&p1=apr/apr-util/trunk/ldap/apr_ldap_init.c&r1=124820&p2=apr/apr-util/trunk/ldap/apr_ldap_init.c&r2=124821
============================================================================== --- apr/apr-util/trunk/ldap/apr_ldap_init.c (original) +++ apr/apr-util/trunk/ldap/apr_ldap_init.c Mon Jan 10 10:59:32 2005 
@@ -65,10 +65,10 @@ /* if a certificate was specified, set it */ if (cert_auth_file) { - apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_palloc(pool, sizeof(apr_ldap_opt_tls_cert_t)); + apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_pcalloc(pool, sizeof(apr_ldap_opt_tls_cert_t)); cert->type = cert_file_type; cert->path = cert_auth_file; - return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS, (void *)cert, result_err); + return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT, (void *)cert, result_err); } #else /* not compiled with SSL Support */ @@ -144,7 +144,16 @@ apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); *result_err = result; +#if APR_HAS_NOVELL_LDAPSDK + if (secure == APR_LDAP_SSL) { + *ldap = ldapssl_init(hostname, portno, 1); + } + else { + *ldap = ldapssl_init(hostname, portno, 0); + } +#else *ldap = ldap_init((char *)hostname, portno); +#endif if (*ldap != NULL) { return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err); }
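
Review bot: in the first hunk (@@ -65,10), the cert_auth_file branch now depends on apr_pcalloc to leave the list link of apr_ldap_opt_tls_cert_t NULL, but only cert->type and cert->path are assigned explicitly and nothing on these lines records that dependency. A later cleanup could switch back to apr_palloc and reintroduce the garbage-link walk the log describes, so add a short comment above the allocation stating that the structure is consumed as a linked list and must be zeroed. The old call passed the cert pointer under APR_LDAP_OPT_TLS, the same option that the second hunk's context feeds with &secure, so it is also worth checking how that handler interpreted the pointer in already released builds.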
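
Review bot: in the second hunk (@@ -144,7), the APR_HAS_NOVELL_LDAPSDK branch creates the handle with ldapssl_init(hostname, portno, 1) when secure == APR_LDAP_SSL, yet the unchanged apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err) still runs on that same handle afterwards. Confirm that the APR_LDAP_OPT_TLS handler does not install the SSL routines a second time on the Novell SDK, or skip it for that build. The if/else differs only in the last argument, so it can collapse to a single call such as *ldap = ldapssl_init(hostname, portno, secure == APR_LDAP_SSL); with a comment explaining why every mode other than APR_LDAP_SSL also goes through ldapssl_init with 0. The new calls pass hostname without the (char *) cast that the ldap_init line uses; make the two consistent.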