apr-dev mailing list archives

From: "Eric Covener" <cove...@gmail.com>
Subject: [PATCH] TLS per-connection settings under OpenLDAP
Date: Tue, 14 Nov 2006 19:21:48 GMT

The release (2.3.x) version of OpenLDAP does not support
per-connection TLS settings, which apr-util will try to set if
requested (manifests as bad RC from ldap_set_option when ldap!=null).

In the alpha release (2.4.x), OpenLDAP does allow you to set
per-connection TLS settings but requires that you ask for a new
(OpenSSL) TLS context by setting the LDAP_OPT_X_TLS_NEWCTX ldap option
to make them active.

As an additional complication, requesting a new TLS context likely
doesn't work until the next alpha OpenLDAP is released (the broken
behavior of the released alphas is not accounted for in the patch);
see:
http://www.openldap.org/its/index.cgi?findid=4726

Possibly more background at this dev@httpd discussion:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200610.mbox/%3c1404e5910610232040q6dd4137aj408ac48cc59bb9ba@mail.gmail.com%3e

apr-util patch attached that lets apr-util attempt to set
per-connection TLS settings with OpenLDAP when the
LDAP_OPT_X_TLS_NEWCTX option was available at build time, and otherwise
bails out informatively (in the same fashion as Novell).

-- 
Eric Covener
covener@gmail.com
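
Added example, not part of the message or of the attached patch: a C sketch of the ordering the message describes, setting the per-connection TLS options on the handle, then requesting a new context with LDAP_OPT_X_TLS_NEWCTX, and failing when that option is absent at build time. apply_conn_tls, set_opt_fn, conn_tls, record_opt, run_demo and the return codes are hypothetical names, the file names are constructed, and the int argument to LDAP_OPT_X_TLS_NEWCTX is assumed from released OpenLDAP 2.4.

```c
#include <stddef.h>

/* Option codes from OpenLDAP's <ldap.h>, repeated so this builds without
 * libldap; include <ldap.h> first and these fallbacks are skipped. */
#ifndef LDAP_OPT_X_TLS_CACERTFILE
#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
#define LDAP_OPT_X_TLS_CERTFILE   0x6004
#define LDAP_OPT_X_TLS_KEYFILE    0x6005
#define LDAP_OPT_X_TLS_NEWCTX     0x600f
#endif

enum { TLS_OK = 0, TLS_SET_FAILED = -1, TLS_PER_CONN_UNSUPPORTED = -2 };
/* Hypothetical: same shape as ldap_set_option(), injected for testing. */
typedef int (*set_opt_fn)(void *ld, int option, const void *invalue);
struct conn_tls { const char *ca_file, *cert_file, *key_file; };

int apply_conn_tls(void *ld, set_opt_fn set_opt, const struct conn_tls *cfg)
{
#ifdef LDAP_OPT_X_TLS_NEWCTX
    const struct { int opt; const char *val; } opts[] = {
        { LDAP_OPT_X_TLS_CACERTFILE, cfg->ca_file },
        { LDAP_OPT_X_TLS_CERTFILE,   cfg->cert_file },
        { LDAP_OPT_X_TLS_KEYFILE,    cfg->key_file },
    };
    int is_server = 0;  /* assumption: NEWCTX takes an int, 0 = client */
    size_t i;
    for (i = 0; i < sizeof opts / sizeof opts[0]; i++)
        if (opts[i].val && set_opt(ld, opts[i].opt, opts[i].val) != 0)
            return TLS_SET_FAILED;  /* stop: do not connect half-configured */
    /* Handle-level settings stay inactive until a new context is requested. */
    return set_opt(ld, LDAP_OPT_X_TLS_NEWCTX, &is_server) == 0
               ? TLS_OK : TLS_SET_FAILED;
#else   /* headers without NEWCTX (e.g. 2.3.x): report it, apply nothing */
    (void)ld; (void)set_opt; (void)cfg;
    return TLS_PER_CONN_UNSUPPORTED;
#endif
}

/* Constructed recording stub standing in for ldap_set_option(). */
static int seen[8], n_seen, fail_on;
static int record_opt(void *ld, int option, const void *invalue)
{
    (void)ld; (void)invalue;
    if (n_seen < 8) seen[n_seen++] = option;
    return option == fail_on ? -1 : 0;
}
int run_demo(int fail_option)  /* fail_option: option the stub rejects */
{
    static const struct conn_tls cfg = { "ca.pem", "client.pem", "client.key" };
    n_seen = 0; fail_on = fail_option;
    return apply_conn_tls(NULL, record_opt, &cfg);
}
int main(void) { return run_demo(0) == TLS_OK ? 0 : 1; }
```

In real use the setter would be a thin wrapper around ldap_set_option() with an LDAP * handle; the stub only records the order of calls.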
