Posted to commits@apr.apache.org by bn...@apache.org on 2005/01/10 20:05:20 UTC

svn commit: r124824 - /apr/apr-util/trunk/ldap/apr_ldap_option.c

Author: bnicholes
Date: Mon Jan 10 11:05:18 2005
New Revision: 124824

URL: http://svn.apache.org/viewcvs?view=rev&rev=124824
Log:
Remove the call to ldapssl_install_routines for the Novell SDK.  Due to the warning that states that if any other ldap call is made between the calls to ldap_init() and ldapssl_install_routines(), it is safer for the Novell SDK to always initialize the connection using ldapssl_init(). Suggest that other SDKs do the same.
Modified:
   apr/apr-util/trunk/ldap/apr_ldap_option.c

Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?view=diff&rev=124824&p1=apr/apr-util/trunk/ldap/apr_ldap_option.c&r1=124823&p2=apr/apr-util/trunk/ldap/apr_ldap_option.c&r2=124824
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c	(original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c	Mon Jan 10 11:05:18 2005
@@ -164,7 +164,7 @@
 #endif
 
     /* Novell SDK */
-#if APR_HAS_NOVELL_SDK
+#if APR_HAS_NOVELL_LDAPSDK
     /* ldapssl_install_routines(ldap)
      * Behavior is unpredictable when other LDAP functions are called
      * between the ldap_init function and the ldapssl_install_routines
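Review bot: The guard rename on the `#if` line (APR_HAS_NOVELL_SDK to APR_HAS_NOVELL_LDAPSDK) is not mentioned in the log message, and it can change whether this whole block is compiled at all. If the old name was never defined by the build, the Novell TLS code below becomes live for the first time with this commit; please say so in the log and check for any remaining uses of the old macro name.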
@@ -172,15 +172,15 @@
      * 
      * STARTTLS is supported by the ldap_start_tls_s() method
      */
-    if (APR_LDAP_SSL == tls) {
+    /*if ((APR_LDAP_SSL == tls) || (APR_LDAP_STARTTLS == tls)) {
         result->rc = ldapssl_install_routines(ldap);
         if (result->rc != LDAP_SUCCESS) {
             result->msg = ldap_err2string(result->rc);
             result->reason = "LDAP: Could not switch SSL on for this "
                              "connection.";
         }
-    }
-    else if (APR_LDAP_STARTTLS == tls) {
+    }*/
+    if (APR_LDAP_STARTTLS == tls) {
         result->rc = ldapssl_start_tls(ldap);
         if (result->rc != LDAP_SUCCESS) {
             result->msg = ldap_err2string(result->rc);
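Review bot: With the `if (APR_LDAP_SSL == tls)` branch commented out, nothing in this Novell block handles APR_LDAP_SSL any more, so a caller that requests SSL here gets no ldapssl_install_routines() call and no error in result->rc or result->reason from these lines. If the connection must now be created with ldapssl_init(), consider failing explicitly for APR_LDAP_SSL (or documenting that the option is a no-op for this SDK), so that a connection opened with ldap_init() cannot be left without SSL while the caller believes it was enabled. Please also delete the dead block rather than leaving it inside `/* ... */`: the commented-out condition was edited to include APR_LDAP_STARTTLS, which matches neither the old nor the new behaviour.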
@@ -415,28 +415,28 @@
             case APR_LDAP_CERT_TYPE_DER: {
                 result->rc = ldapssl_set_client_cert((void *)cert->path,
                                       LDAPSSL_CERT_FILETYPE_DER,
-                                      cert->password);
+                                      (void*)cert->password);
                 result->msg = ldap_err2string(result->rc);
                 break;
             }
             case APR_LDAP_CERT_TYPE_BASE64: {
                 result->rc = ldapssl_set_client_cert((void *)cert->path,
                                       LDAPSSL_CERT_FILETYPE_B64,
-                                      cert->password);
+                                      (void*)cert->password);
                 result->msg = ldap_err2string(result->rc);
                 break;
             }
             case APR_LDAP_KEY_TYPE_DER: {
                 result->rc = ldapssl_set_client_private_key((void *)cert->path,
                                       LDAPSSL_CERT_FILETYPE_DER,
-                                      cert->password);
+                                      (void*)cert->password);
                 result->msg = ldap_err2string(result->rc);
                 break;
             }
             case APR_LDAP_KEY_TYPE_BASE64: {
                 result->rc = ldapssl_set_client_private_key((void *)cert->path,
                                       LDAPSSL_CERT_FILETYPE_B64,
-                                      cert->password);
+                                      (void*)cert->password);
                 result->msg = ldap_err2string(result->rc);
                 break;
             }
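Review bot: The `(void*)cert->password` casts in all four cases silence a type mismatch rather than resolve it; if cert->password is a const-qualified pointer, the cast discards the qualifier with nothing here showing that ldapssl_set_client_cert() and ldapssl_set_client_private_key() leave the password unmodified. A short comment stating why the cast is needed would help, and the spacing should match the `(void *)cert->path` cast on the line above each call. This change is also unrelated to the log message and would be clearer as its own commit.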

Re: svn commit: r124824 - /apr/apr-util/trunk/ldap/apr_ldap_option.c

Posted by Graham Leggett <mi...@sharp.fm>.
bnicholes@apache.org wrote:

> URL: http://svn.apache.org/viewcvs?view=rev&rev=124824
> Log:
> Remove the call to ldapssl_install_routines for the Novell SDK.  Due to the warning that states that if any other ldap call is made between the calls to ldap_init() and ldapssl_install_routines(), it is safer for the Novell SDK to always initialize the connection using ldapssl_init(). Suggest that other SDKs do the same.

This is incompatible with client certificates on OpenLDAP - here client 
certs are configured between ldap_init() and apr_ldap_set_option() on a 
per connection basis, which is impossible if you use ldapssl_init() to 
init the connection.

:(

Regards,
Graham
--
