I'm assuming this works in specific environments, perhaps Windows using a Windows AD. I have been unsuccessful creating an SSL connection at all against either Novell Edir's LDAP connector, or against an OpenLDAP directory running on Linux (although a native compile on the Linux box works fine with the same OpenLDAP server).
The patch *does* assist in that it provides a consistent error message across XP, Windows 2000, and Windows Server 2003.
On Sun, Mar 23, 2008 at 6:36 PM, Graham Leggett <firstname.lastname@example.org> wrote:
Can you confirm that it works for you? It seems a straightforward change.
Yes, the new code works for me, but I didn't pass any test included in the APR project (if they exist). I simply compiled the new code, and tested the connection, not only with ldaps, but also with simple ldap. I also tracked the TCP packets with Wireshark and checked that the SSL handshake was made with ldaps and no plain text password was sent over the wire.
I tested the result in Windows XP and Windows 2000 Server (different wldap32.dll versions), but I think more intensive testing is needed. The important factors are the user that launches the Apache service and/or the Windows certificate store where we must put the CA certificate (intrinsics of this API).