Return-Path: 
 <dev-return-55126-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 13227 invoked from network); 26 Oct 2006 00:34:23 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 26 Oct 2006 00:34:23 -0000
Received: (qmail 52168 invoked by uid 500); 24 Oct 2006 03:41:09 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 52115 invoked by uid 500); 24 Oct 2006 03:41:09 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 52104 invoked by uid 99); 24 Oct 2006 03:41:09 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Oct 2006 20:41:09 -0700
X-ASF-Spam-Status: No, hits=0.5 required=10.0
	tests=DNS_FROM_RFC_ABUSE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of covener@gmail.com designates
 64.233.182.188 as permitted sender)
Received: from [64.233.182.188] (HELO nf-out-0910.google.com) (64.233.182.188)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Oct 2006 20:40:57 -0700
Received: by nf-out-0910.google.com with SMTP id o25so72942nfa
        for <dev@httpd.apache.org>; Mon, 23 Oct 2006 20:40:36 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=mRBfsL3uKUYG+Lv7LcUyNu/QRiNNyL8/YqhktMs04kKSS2ZqLfcP+/haiUoXFFfTNqyvnfr7UAeR+BX+XGhISRSyvEiAZFqvW6h6Fiq6HYNDKIu3L5Ml7pAPpP24lGYOgkC29jEbPjUgjr8R0RrRIuS6TNSr4NeYOQASrQHVUlI=
Received: by 10.48.242.19 with SMTP id p19mr327631nfh;
        Mon, 23 Oct 2006 20:40:35 -0700 (PDT)
Received: by 10.67.106.7 with HTTP; Mon, 23 Oct 2006 20:40:35 -0700 (PDT)
Message-ID: <1404e5910610232040q6dd4137aj408ac48cc59bb9ba@mail.gmail.com>
Date: Mon, 23 Oct 2006 23:40:35 -0400
From: "Eric Covener" <covener@gmail.com>
To: dev@httpd.apache.org
Subject: LDAPTrustedClientCert?
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Checked: Checked by ClamAV on apache.org

Is anyone familiar wth the state of LDAPTrustedClientCert directive in
trunk and 2.2.x?

util_ldap.c:254
Defined as RSRC_CONF, manual text and examples says directory/location container

util_ldap.c:1635
When the directive is used it results in an entry that's added to the
same array as the LDAPTrustedGlobalCert?

util_ldap.c:271
Connection-time checks in util_ldap look at an array that isn't filled
out by the directive

It seems like this is directive should be relevant, but maybe not so
important, to using the openldap SDK (assuming most people will have a
bundle of CAs they trust, don't connect to many LDAP servers, and
don't require a client cert)

Is there some SDK where LDAPTrustedClientCert in present form somehow works?

-- 
Eric Covener
covener@gmail.com