Posted to commits@apr.apache.org by bn...@apache.org on 2005/05/12 00:23:59 UTC
svn commit: r169704 - in /apr/apr-util/trunk: include/apr_ldap_option.h
ldap/apr_ldap_option.c
Author: bnicholes
Date: Wed May 11 15:23:56 2005
New Revision: 169704
URL: http://svn.apache.org/viewcvs?rev=169704&view=rev
Log:
Added the option APR_LDAP_OPT_VERIFY_CERT to the apr_ldap_set_option()
function
Modified:
apr/apr-util/trunk/include/apr_ldap_option.h
apr/apr-util/trunk/ldap/apr_ldap_option.c
Modified: apr/apr-util/trunk/include/apr_ldap_option.h
URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/include/apr_ldap_option.h?rev=169704&r1=169703&r2=169704&view=diff
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_option.h (original)
+++ apr/apr-util/trunk/include/apr_ldap_option.h Wed May 11 15:23:56 2005
@@ -51,6 +51,11 @@
* keys globally, or per connection (where supported).
*/
#define APR_LDAP_OPT_TLS_CERT 0x6ffe
+/**
+ * Set the LDAP library to no verify the server certificate. This means
+ * all servers are considered trusted.
+ */
+#define APR_LDAP_OPT_VERIFY_CERT 0x6ffd
/**
* Structures for the apr_set_option() cases
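Review bot: The doc comment added above `APR_LDAP_OPT_VERIFY_CERT` describes only the disabled state ("no verify" is presumably a typo for "not verify") and never says which value selects it, so a caller cannot tell from the header how to turn certificate verification on. The apr_ldap_option.c hunk in this same commit reads the value as `*((int*)invalue)`, with non-zero requesting server verification and zero disabling it. I would reword the comment to `Set whether the LDAP library verifies the server certificate. The value is a pointer to int: non-zero verifies the server, zero disables verification so that every server is treated as trusted.` It is also worth noting there that the OpenLDAP branch passes a NULL handle, so the setting is not per-connection on that SDK.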
Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
URL: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?rev=169704&r1=169703&r2=169704&view=diff
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Wed May 11 15:23:56 2005
@@ -103,6 +103,48 @@
option_set_tls(pool, ldap, invalue, result);
break;
+ case APR_LDAP_OPT_VERIFY_CERT:
+#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
+ result->reason = "LDAP: Verify certificate not yet supported by APR on the "
+ "Netscape, Solaris or Mozilla LDAP SDKs";
+ result->rc = -1;
+ return APR_EGENERAL;
+#endif
+#if APR_HAS_NOVELL_LDAPSDK
+ if (*((int*)invalue)) {
+ result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
+ }
+ else {
+ result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
+ }
+#endif
+#if APR_HAS_OPENLDAP_LDAPSDK
+#ifdef LDAP_OPT_X_TLS
+ /* This is not a per-connection setting so just pass NULL for the
+ Ldap connection handle */
+ if (*((int*)invalue)) {
+ int i = LDAP_OPT_X_TLS_DEMAND;
+ result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+ }
+ else {
+ int i = LDAP_OPT_X_TLS_NEVER;
+ result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+ }
+#else
+ result->reason = "LDAP: SSL/TLS not yet supported by APR on this "
+ "version of the OpenLDAP toolkit";
+ result->rc = -1;
+ return APR_EGENERAL;
+#endif
+#endif
+
+ /* handle the error case */
+ if (result->rc != LDAP_SUCCESS) {
+ result->msg = ldap_err2string(result->rc);
+ result->reason = "LDAP: Could not set verify mode";
+ }
+ break;
+
default:
/* set the option specified using the native LDAP function */
result->rc = ldap_set_option(ldap, option, (void *)invalue);
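Review bot: The first `#if` in the new `case APR_LDAP_OPT_VERIFY_CERT:` tests `APR_HAS_MOZILLA_LDAPSK`, which looks like a misspelling of `APR_HAS_MOZILLA_LDAPSDK`; an undefined macro evaluates to 0 in `#if`, so a Mozilla SDK build would skip the "not yet supported" return. On that build, and on any SDK that none of the three `#if` blocks covers, no verify mode is set and control reaches `if (result->rc != LDAP_SUCCESS)` with whatever `result->rc` already held. If that value is zero (its initialisation is outside the hunk), the caller is told the option was applied when certificate verification was never configured. I would correct the macro name and chain the branches with `#elif` plus a final `#else` that fails closed, assuming only one `APR_HAS_*_LDAPSDK` macro is set per build. The enclosing function starts and ends outside this hunk.

```c
    case APR_LDAP_OPT_VERIFY_CERT:
#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSDK
        /* … unchanged: "not yet supported" error return … */
#elif APR_HAS_NOVELL_LDAPSDK
        /* … unchanged: ldapssl_set_verify_mode() calls … */
#elif APR_HAS_OPENLDAP_LDAPSDK
        /* … unchanged: LDAP_OPT_X_TLS_REQUIRE_CERT handling … */
#else
        /* No SDK branch matched: fail closed rather than report success
           with verification left unconfigured. */
        result->reason = "LDAP: Verify certificate not supported by APR on "
                         "this LDAP SDK";
        result->rc = -1;
        return APR_EGENERAL;
#endif
```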