apr-dev mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject [PATCH] TLS per-connection settings under OpenLDAP
Date Tue, 14 Nov 2006 19:21:48 GMT
The release (2.3.x) version of OpenLDAP does not support
per-connection TLS settings, which apr-util will try to set if
requested (manifests as bad RC from ldap_set_option when ldap!=null)

In the alpha release (2.4.x), OpenLDAP does allow you to set
per-connection TLS settings but requires that you ask for a new
(openssl) TLS context by setting the LDAP_OPT_X_TLS_NEWCTX ldap option
to make them active.

As an additional complication, requesting a new TLS context likely
doesn't work until the next alpha OpenLDAP is released (the broken
behavior of the released alphas is not accounted for in the patch)

Possibly more background at this dev@httpd discussion:

apr-util patch attached that lets apr-util attempt to set
per-connection TLS settings with openldap when the
LDAP_OPT_X_TLS_NEWCTX was available at build time, and otherwise
bails out informatively (in the same fashion as Novell).

Eric Covener
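
The call order the message describes, as an added example (this is not the attached apr-util patch, which is not reproduced on this page). The helper name `conn_tls_set_cacert` and the `USE_LIBLDAP` switch are hypothetical; without that switch the block compiles against a small constructed stand-in for `ldap_set_option` so it runs offline.

```c
#include <stddef.h>
#include <stdio.h>

#ifdef USE_LIBLDAP   /* real library: cc -DUSE_LIBLDAP example.c -lldap */
#include <ldap.h>
#else
/* Constructed stand-in so the example runs offline. It models only what the
 * message states: a per-connection TLS option stays pending until
 * LDAP_OPT_X_TLS_NEWCTX is set on the same handle. */
#define LDAP_SUCCESS              0
#define LDAP_OTHER                0x50
#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
#define LDAP_OPT_X_TLS_NEWCTX     0x600f
typedef struct { const char *pending_ca, *active_ca; } LDAP;
static int ldap_set_option(LDAP *ld, int opt, const void *val) {
    if (ld == NULL || val == NULL) return LDAP_OTHER;
    if (opt == LDAP_OPT_X_TLS_CACERTFILE) { ld->pending_ca = val; return LDAP_SUCCESS; }
    if (opt == LDAP_OPT_X_TLS_NEWCTX) { ld->active_ca = ld->pending_ca; return LDAP_SUCCESS; }
    return LDAP_OTHER;
}
#endif

/* Hypothetical helper: apply a CA file to one connection only. Any result
 * other than LDAP_SUCCESS should be treated by the caller as fatal for this
 * connection rather than continuing with the library-wide TLS settings. */
int conn_tls_set_cacert(LDAP *ld, const char *cafile) {
#ifdef LDAP_OPT_X_TLS_NEWCTX
    int is_server = 0;   /* 0 asks for a client-side TLS context */
    int rc;
    if (ld == NULL || cafile == NULL) return LDAP_OTHER;
    rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, cafile);
    if (rc != LDAP_SUCCESS) return rc;
    /* Per the message, the setting above only becomes active after this. */
    return ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &is_server);
#else
    (void)ld; (void)cafile;
    return LDAP_OTHER;   /* built without NEWCTX: refuse instead of guessing */
#endif
}

#ifndef USE_LIBLDAP
int main(void) {
    LDAP ld = { NULL, NULL };
    int rc = conn_tls_set_cacert(&ld, "/constructed/ca.pem");  /* constructed path */
    printf("rc=%d active_ca=%s\n", rc, ld.active_ca ? ld.active_ca : "(none)");
    return rc;
}
#endif
```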
