Posted to bugs@apr.apache.org by bu...@apache.org on 2007/01/11 18:31:07 UTC

DO NOT REPLY [Bug 41352] New: - openldap and per-connection client certificates in apr-util LDAP

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED
COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41352>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41352

           Summary: openldap and per-connection client certificates in apr-util LDAP
           Product: APR
           Version: HEAD
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: minor
          Priority: P2
         Component: APR-util
        AssignedTo: bugs@apr.apache.org
        ReportedBy: covener@gmail.com


The release (2.3.x) version of OpenLDAP does not support
per-connection TLS settings, which apr-util will try to set if
requested (manifests as bad RC from ldap_set_option when ldap!=null).

In the alpha release (2.4.x), OpenLDAP does allow you to set
per-connection TLS settings but requires that you ask for a new
(openssl) TLS context by setting the LDAP_OPT_X_TLS_NEWCTX ldap option
to make them active.

As an additional complication, requesting a new TLS context likely
doesn't work until the next alpha OpenLDAP is released (the broken
behavior of the released alphas is not accounted for in the patch)
see:
http://www.openldap.org/its/index.cgi?findid=4726

Possibly more background at this dev@httpd discussion:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200610.mbox/%3c1404e5910610232040q6dd4137aj408ac48cc59bb9ba@mail.gmail.com%3e

apr-util patch attached that lets apr-util attempt to set
per-connection TLS settings with openldap when the
LDAP_OPT_X_TLS_NEWCTX was available at build time, and otherwise
bails out informatively (in the same fashion as Novell).

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
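
The call order the report above describes, as an added example that is not the attached patch or apr-util's own code: the certificate and key are set on the handle first, and the new TLS context is requested last so that they become active. `struct model_ld`, `model_set_option`, `set_conn_client_cert`, `presents_cert` and `ERR_NO_PER_CONN_TLS` are hypothetical names, and `model_set_option` stands in for `ldap_set_option` on a non-NULL handle so the example builds without libldap; the option values are placeholders.

```c
#include <stddef.h>
#include <string.h>
/* Names as in OpenLDAP's <ldap.h>; values are placeholders (no libldap needed). */
#define LDAP_OPT_X_TLS_CERTFILE 1
#define LDAP_OPT_X_TLS_KEYFILE  2
#define LDAP_OPT_X_TLS_NEWCTX   3   /* only present in 2.4.x headers */
#define ERR_NO_PER_CONN_TLS   (-2)  /* hypothetical error code */

/* Constructed model of a handle: TLS options are staged until a new context. */
struct model_ld {
    int per_conn_tls;               /* 0 models 2.3.x, 1 models 2.4.x */
    const char *staged_cert, *staged_key, *active_cert, *active_key;
};

/* Stand-in for ldap_set_option(ld, option, invalue) on a non-NULL handle. */
int model_set_option(struct model_ld *ld, int opt, const void *val)
{
    if (!ld->per_conn_tls) return -1;       /* 2.3.x: bad return code */
    switch (opt) {
    case LDAP_OPT_X_TLS_CERTFILE: ld->staged_cert = val; return 0;
    case LDAP_OPT_X_TLS_KEYFILE:  ld->staged_key = val;  return 0;
    case LDAP_OPT_X_TLS_NEWCTX:             /* staged settings become active */
        ld->active_cert = ld->staged_cert;
        ld->active_key = ld->staged_key;
        return 0;
    }
    return -1;
}

/* Stage the certificate and key, then request the new context last. */
int set_conn_client_cert(struct model_ld *ld, const char *cert, const char *key)
{
#ifdef LDAP_OPT_X_TLS_NEWCTX
    int is_server = 0, rc;                  /* 0: context for a client */
    if ((rc = model_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert)) != 0) return rc;
    if ((rc = model_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, key)) != 0) return rc;
    return model_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &is_server);
#else
    (void)ld; (void)cert; (void)key;
    return ERR_NO_PER_CONN_TLS;             /* headers without NEWCTX: refuse */
#endif
}

/* 1 if the handle would present `cert` in its next handshake, else 0. */
int presents_cert(const struct model_ld *ld, const char *cert)
{
    return ld->active_cert != NULL && strcmp(ld->active_cert, cert) == 0;
}
```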


DO NOT REPLY [Bug 41352] - openldap and per-connection client certificates in apr-util LDAP

Posted by bu...@apache.org.


wrowe@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable






DO NOT REPLY [Bug 41352] - openldap and per-connection client certificates in apr-util LDAP

Posted by bu...@apache.org.





------- Additional Comments From covener@gmail.com  2007-01-11 09:32 -------
Created an attachment (id=19395)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19395&action=view)
correct current openldap client cert behavior, prepare for future support




DO NOT REPLY [Bug 41352] - openldap and per-connection client certificates in apr-util LDAP

Posted by bu...@apache.org.


minfrin@sharp.fm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #19395|0                           |1
        is obsolete|                            |
         AssignedTo|bugs@apr.apache.org         |minfrin@sharp.fm
             Status|NEW                         |ASSIGNED




------- Additional Comments From minfrin@sharp.fm  2007-11-27 14:38 -------
Created an attachment (id=21197)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21197&action=view)
Updated patch with standard apr_ldap_set_option support, and starttls support

