httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject svn commit: r169834 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Date Thu, 12 May 2005 15:35:55 GMT
Author: bnicholes
Date: Thu May 12 08:35:55 2005
New Revision: 169834

URL: http://svn.apache.org/viewcvs?rev=169834&view=rev
Log:
Make sure that the LDAPVerifyServerCert patch is compatibile with apr-util 1.1.x.  Once apr-util
1.2 is released, the ifdef's need to be removed and apr_ldap_set_option() will handle the
SDK differences.

Modified:
    httpd/httpd/trunk/modules/ldap/util_ldap.c

Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=169834&r1=169833&r2=169834&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Thu May 12 08:35:55 2005
@@ -330,8 +330,31 @@
         /* always default to LDAP V3 */
         ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
 
+/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
+#ifdef APR_LDAP_OPT_VERIFY_CERT
         apr_ldap_set_option(ldc->pool, ldc->ldap, 
                             APR_LDAP_OPT_VERIFY_CERT, &(st->verify_svr_cert), &(result));
+#else
+#if defined(LDAPSSL_VERIFY_SERVER)
+        if (st->verify_svr_cert) {
+            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
+        }
+        else {
+            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
+        }
+#elif defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+		/* This is not a per-connection setting so just pass NULL for the
+		   Ldap connection handle */
+        if (st->verify_svr_cert) {
+			int i = LDAP_OPT_X_TLS_DEMAND;
+			result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+        }
+        else {
+			int i = LDAP_OPT_X_TLS_NEVER;
+			result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+        }
+#endif
+#endif
 
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
         if (st->connectionTimeout > 0) {



Mime
View raw message