Posted to commits@apr.apache.org by bn...@apache.org on 2005/05/12 00:23:59 UTC

svn commit: r169704 - in /apr/apr-util/trunk: include/apr_ldap_option.h ldap/apr_ldap_option.c

Author: bnicholes
Date: Wed May 11 15:23:56 2005
New Revision: 169704

URL: http://svn.apache.org/viewcvs?rev=169704&view=rev
Log:
Added the option APR_LDAP_OPT_VERIFY_CERT to the apr_ldap_set_option()
function

Modified:
    apr/apr-util/trunk/include/apr_ldap_option.h
    apr/apr-util/trunk/ldap/apr_ldap_option.c

Modified: apr/apr-util/trunk/include/apr_ldap_option.h
URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/include/apr_ldap_option.h?rev=169704&r1=169703&r2=169704&view=diff
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_option.h (original)
+++ apr/apr-util/trunk/include/apr_ldap_option.h Wed May 11 15:23:56 2005
@@ -51,6 +51,11 @@
  * keys globally, or per connection (where supported).
  */
 #define APR_LDAP_OPT_TLS_CERT 0x6ffe
+/**
+ * Set the LDAP library to no verify the server certificate.  This means
+ * all servers are considered trusted.
+ */
+#define APR_LDAP_OPT_VERIFY_CERT 0x6ffd
 
 /**
  * Structures for the apr_set_option() cases
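Review bot: The doc comment added above `APR_LDAP_OPT_VERIFY_CERT` describes only the disabled state ("no verify ... all servers are considered trusted"), so it reads as if setting the option turns verification off. The handler added in apr_ldap_option.c in this same commit does the opposite for a non-zero value: it reads `*((int*)invalue)` and selects `LDAPSSL_VERIFY_SERVER` / `LDAP_OPT_X_TLS_DEMAND` when it is non-zero, and the no-verify modes only when it is zero. I would reword it to `Set the LDAP library to verify (non-zero) or not verify (zero) the server certificate; the value is passed as a pointer to int.` and add `With verification off every server is trusted, so TLS no longer authenticates the peer.` It is also worth stating there that the OpenLDAP branch applies the setting with a NULL handle, i.e. globally and not per connection.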

Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?rev=169704&r1=169703&r2=169704&view=diff
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Wed May 11 15:23:56 2005
@@ -103,6 +103,48 @@
         option_set_tls(pool, ldap, invalue, result);
         break;
         
+    case APR_LDAP_OPT_VERIFY_CERT:
+#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
+        result->reason = "LDAP: Verify certificate not yet supported by APR on the "
+                         "Netscape, Solaris or Mozilla LDAP SDKs";
+        result->rc = -1;
+        return APR_EGENERAL;
+#endif
+#if APR_HAS_NOVELL_LDAPSDK
+        if (*((int*)invalue)) {
+            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
+        }
+        else {
+            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
+        }
+#endif
+#if APR_HAS_OPENLDAP_LDAPSDK
+#ifdef LDAP_OPT_X_TLS
+		/* This is not a per-connection setting so just pass NULL for the
+		   Ldap connection handle */
+        if (*((int*)invalue)) {
+			int i = LDAP_OPT_X_TLS_DEMAND;
+			result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+        }
+        else {
+			int i = LDAP_OPT_X_TLS_NEVER;
+			result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+        }
+#else
+        result->reason = "LDAP: SSL/TLS not yet supported by APR on this "
+                         "version of the OpenLDAP toolkit";
+        result->rc = -1;
+        return APR_EGENERAL;
+#endif
+#endif
+
+        /* handle the error case */
+        if (result->rc != LDAP_SUCCESS) {
+            result->msg = ldap_err2string(result->rc);
+            result->reason = "LDAP: Could not set verify mode";
+        }
+        break;
+        
     default:
         /* set the option specified using the native LDAP function */
         result->rc = ldap_set_option(ldap, option, (void *)invalue);
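Review bot: `APR_HAS_MOZILLA_LDAPSK` in the first `#if` of the new `APR_LDAP_OPT_VERIFY_CERT` case looks like a typo for `APR_HAS_MOZILLA_LDAPSDK` (the other two operands end in `_LDAPSDK`); an undefined identifier evaluates to 0 in `#if`, so a Mozilla SDK build would skip the "not yet supported" return instead of taking it. With no branch compiled in, the case falls through to the `result->rc != LDAP_SUCCESS` check with whatever `rc` held on entry (its initialisation is outside the hunk), so the caller may be told the option was applied when the verify mode was never set. The line should read `#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSDK`. Chaining the three SDK groups as `#if`/`#elif` with a final `#else` that sets `result->reason` and returns `APR_EGENERAL` would close the same gap for any SDK not listed. The enclosing switch begins and ends outside the hunk.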