Posted to dev@apr.apache.org by Brad Nicholes <BN...@novell.com> on 2005/01/10 21:23:58 UTC
Re: svn commit: r124821 - /apr/apr-util/trunk/ldap/apr_ldap_init.c
I would suggest that all of the SDKs call ldapssl_init() rather than
ldap_init(). At least according to the Novell documentation, calling
ldapssl_init(,,0) is equivalent to calling ldap_init() and you won't
have problems like you would if another ldap call is made between the
calls to ldap_init() and ldapssl_install_routines(). It also
appears that start_tls() doesn't work at least on the Novell SDK if
ldap_init()->ldapssl_install_routines() is called instead of
ldapssl_init().
Brad
>>> bnicholes@apache.org Monday, January 10, 2005 11:59:34 AM >>>
Author: bnicholes
Date: Mon Jan 10 10:59:32 2005
New Revision: 124821
URL: http://svn.apache.org/viewcvs?view=rev&rev=124821
Log:
-Since the apr_ldap_opt_tls_cert_t* structure can be used as a
linked list, make sure that it is initialized to NULL before passing it
into apr_ldap_set_option(). Otherwise the code will try to follow
garbage links.
-Use the correct APR_LDAP_OPT_TLS_CERT #define when calling
apr_ldap_set_option() to add a certificate.
-For the Novell LDAP SDK, always initialize the connection with
ldapssl_init() function. Suggest that all SDKs do the same.
Modified:
apr/apr-util/trunk/ldap/apr_ldap_init.c
Modified: apr/apr-util/trunk/ldap/apr_ldap_init.c
Url:
http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_init.c?view=diff&rev=124821&p1=apr/apr-util/trunk/ldap/apr_ldap_init.c&r1=124820&p2=apr/apr-util/trunk/ldap/apr_ldap_init.c&r2=124821
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_init.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_init.c Mon Jan 10 10:59:32
2005
@@ -65,10 +65,10 @@
/* if a certificate was specified, set it */
if (cert_auth_file) {
- apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t
*)apr_palloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
+ apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t
*)apr_pcalloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
cert->type = cert_file_type;
cert->path = cert_auth_file;
- return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS, (void
*)cert, result_err);
+ return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT,
(void *)cert, result_err);
}
#else /* not compiled with SSL Support */
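Review bot: the switch to apr_pcalloc() on the cert allocation is what keeps the unset members of apr_ldap_opt_tls_cert_t zeroed, but only cert->type and cert->path are assigned here and nothing in the code says the zeroing is required. Add a short comment at the allocation noting that apr_ldap_set_option() treats the structure as a linked list, so a later cleanup does not revert it to apr_palloc(). With the option now APR_LDAP_OPT_TLS_CERT, it is also worth checking for other callers that still pass a cert structure under APR_LDAP_OPT_TLS.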
@@ -144,7 +144,16 @@
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool,
sizeof(apr_ldap_err_t));
*result_err = result;
+#if APR_HAS_NOVELL_LDAPSDK
+ if (secure == APR_LDAP_SSL) {
+ *ldap = ldapssl_init(hostname, portno, 1);
+ }
+ else {
+ *ldap = ldapssl_init(hostname, portno, 0);
+ }
+#else
*ldap = ldap_init((char *)hostname, portno);
+#endif
if (*ldap != NULL) {
return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS,
&secure, result_err);
}
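Review bot: in the APR_HAS_NOVELL_LDAPSDK branch, a handle opened with ldapssl_init(hostname, portno, 1) still falls through to the unchanged apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err) call below; confirm that the option handler does not try to set up SSL a second time on an already-secured handle for Novell, or skip it when secure == APR_LDAP_SSL. The two ldapssl_init() calls differ only in the last argument, so a single call passing (secure == APR_LDAP_SSL) as the flag would be easier to read, and hostname is passed here without the (char *) cast that the ldap_init() line uses, which should be made consistent.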
Re: svn commit: r124821 - /apr/apr-util/trunk/ldap/apr_ldap_init.c
Posted by Graham Leggett <mi...@sharp.fm>.
Brad Nicholes wrote:
> I would suggest that all of the SDKs call ldapssl_init() rather than
> ldap_init(). At least according to the Novell documentation, calling
> ldapssl_init(,,0) is equivalent to calling ldap_init() and you won't
> have problems like you would if another ldap call is made between the
> calls to ldap_init() and ldapssl_install_routines(). It also
> appears that start_tls() doesn't work at least on the Novell SDK if
> ldap_init()->ldapssl_install_routines() is called instead of
> ldapssl_init().
On Novell, is it possible to say ldapssl_init(host, port, 0) and then
upgrade that connection to an SSL connection later? (not TLS, but SSL)
Regards,
Graham