Return-Path: X-Original-To: apmail-apr-dev-archive@www.apache.org Delivered-To: apmail-apr-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 299D210788 for ; Tue, 18 Feb 2014 20:52:58 +0000 (UTC) Received: (qmail 11552 invoked by uid 500); 18 Feb 2014 20:52:56 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 11431 invoked by uid 500); 18 Feb 2014 20:52:55 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 11423 invoked by uid 99); 18 Feb 2014 20:52:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Feb 2014 20:52:55 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of covener@gmail.com designates 209.85.220.181 as permitted sender) Received: from [209.85.220.181] (HELO mail-vc0-f181.google.com) (209.85.220.181) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Feb 2014 20:52:49 +0000 Received: by mail-vc0-f181.google.com with SMTP id ie18so13325193vcb.26 for ; Tue, 18 Feb 2014 12:52:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=pvfgdTzB9dVMzOb78Pq9x2yCI1qFRxXYeq8Amm5yKAI=; b=FFadqqZ7dwh1kdM9Te2qBNVOCDav0IoFcsfGIDSzWgCJfAmmvEVMRugfcqCD6ETVo1 11dtcAl74CWBz56CEVkqJ7a4d9uAoWbkLqgJ2PhjwG+srxrWf5q+geDlLHI2MMEFJs3U RLV9WS//phE/cw1CT5sZF1LD+JqWRw6wakUf9Wj66WC3UIHHsVtwl9raUTJy2rV0HHoe zO0dGKYkAI3PN4CNq3Bq0+vb4zOVXxIU+rKA37+crJbpxMyEq5Zu2+4wcFeVql6RS+KC FjmreumgfCntPoR5KsI/7XaA/1emDi1boEIWfataItuPjDZ/FYnDTxWDsG7Xc56HoR44 ahfw== MIME-Version: 1.0 X-Received: by 10.52.102.235 with SMTP id fr11mr3030683vdb.51.1392756749021; Tue, 18 Feb 2014 12:52:29 -0800 (PST) Received: by 10.58.54.52 with HTTP; Tue, 18 Feb 2014 12:52:28 -0800 (PST) In-Reply-To: References: Date: Tue, 18 Feb 2014 15:52:28 -0500 Message-ID: Subject: Re: configuring apr-util --with-ldap against idsldap (aka tivoli) From: Eric Covener To: Graham Leggett Cc: APR Development List , Michael Felt Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org For when we revisit, or maybe for Michael -- In APU, the immediate problem with SSL is that apr_ldap_ssl_init happens before the certificate options are set. The underlying Tivoli toolkit wants info about the global_certs passed into that call. autoconf for basic stuff, not really used because we bake it into httpd below: http://people.apache.org/~covener/patches/apuldap-itds1.diff replacement we use instead of apr_ldap_ssl_init for tivoli: http://people.apache.org/~covener/patches/tivoli_ssl_init.txt On Tue, Feb 18, 2014 at 3:42 PM, Graham Leggett wrote: > On 18 Feb 2014, at 10:35 PM, Eric Covener wrote: > >> I (IBM) have some patches in this area that didn't make it to APR or HTT= PD :( >> >> Unortunately Tivoli SSL initialization doesn't fit into how APU >> initializes SSL and we are currently using hacks in both APU and >> HTTPD. > > I am about half way through the APR v2.0 replacement of the API. Not only= is the init really tricky, with every toolkit out there having a unique va= riation, but the bind has a bunch of variation too. Then there is the passi= ng of binary objects which has toolkit specific definitions of lengths. It = has made coming up with an API quite a challenge. > > My current biggest challenge is a pile of work I have that needs doing, s= o can't look at it now alas. > > Regards, > Graham > -- > --=20 Eric Covener covener@gmail.com