Posted to commits@apr.apache.org by mi...@apache.org on 2005/01/18 14:49:11 UTC
svn commit: r125506 - /apr/apr-util/trunk/include/apr_ldap_option.h /apr/apr-util/trunk/ldap/apr_ldap_option.c
Author: minfrin
Date: Tue Jan 18 05:49:09 2005
New Revision: 125506
URL: http://svn.apache.org/viewcvs?view=rev&rev=125506
Log:
Add support for Netscape client certificates.
Modified:
apr/apr-util/trunk/include/apr_ldap_option.h
apr/apr-util/trunk/ldap/apr_ldap_option.c
Modified: apr/apr-util/trunk/include/apr_ldap_option.h
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/include/apr_ldap_option.h?view=diff&rev=125506&p1=apr/apr-util/trunk/include/apr_ldap_option.h&r1=125505&p2=apr/apr-util/trunk/include/apr_ldap_option.h&r2=125506
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_option.h (original)
+++ apr/apr-util/trunk/include/apr_ldap_option.h Tue Jan 18 05:49:09 2005
@@ -89,18 +89,19 @@
* May have one or more client certificates set per connection with a type of
* APR_LDAP_CERT*, and keys with APR_LDAP_KEY*.
*/
-#define APR_LDAP_CA_TYPE_UNKNOWN 0
-#define APR_LDAP_CA_TYPE_DER 1
-#define APR_LDAP_CA_TYPE_BASE64 2
-#define APR_LDAP_CA_TYPE_CERT7_DB 3
-#define APR_LDAP_CA_TYPE_SECMOD 4
-#define APR_LDAP_CERT_TYPE_UNKNOWN 5
-#define APR_LDAP_CERT_TYPE_DER 6
-#define APR_LDAP_CERT_TYPE_BASE64 7
-#define APR_LDAP_CERT_TYPE_KEY3_DB 8
-#define APR_LDAP_KEY_TYPE_UNKNOWN 9
-#define APR_LDAP_KEY_TYPE_DER 10
-#define APR_LDAP_KEY_TYPE_BASE64 11
+#define APR_LDAP_CA_TYPE_UNKNOWN 0
+#define APR_LDAP_CA_TYPE_DER 1
+#define APR_LDAP_CA_TYPE_BASE64 2
+#define APR_LDAP_CA_TYPE_CERT7_DB 3
+#define APR_LDAP_CA_TYPE_SECMOD 4
+#define APR_LDAP_CERT_TYPE_UNKNOWN 5
+#define APR_LDAP_CERT_TYPE_DER 6
+#define APR_LDAP_CERT_TYPE_BASE64 7
+#define APR_LDAP_CERT_TYPE_KEY3_DB 8
+#define APR_LDAP_CERT_TYPE_NICKNAME 9
+#define APR_LDAP_KEY_TYPE_UNKNOWN 10
+#define APR_LDAP_KEY_TYPE_DER 11
+#define APR_LDAP_KEY_TYPE_BASE64 12
typedef struct apr_ldap_opt_tls_cert_t apr_ldap_opt_tls_cert_t;
struct apr_ldap_opt_tls_cert_t {
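Review bot: Inserting `APR_LDAP_CERT_TYPE_NICKNAME` as 9 renumbers the three `APR_LDAP_KEY_TYPE_*` constants in a public header, so code built against the previous header would pass 9 meaning `APR_LDAP_KEY_TYPE_UNKNOWN` and have it treated as a nickname certificate, and its 10 and 11 would shift meaning the same way. If these values have already shipped in a release (not visible from this hunk), append the new constant instead, `#define APR_LDAP_CERT_TYPE_NICKNAME 12`, and leave the existing numbers untouched. The comment above the list should also state that for this type the entry holds a certificate nickname rather than a file path, since the .c change reads it from `cert->path`.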
Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?view=diff&rev=125506&p1=apr/apr-util/trunk/ldap/apr_ldap_option.c&r1=125505&p2=apr/apr-util/trunk/ldap/apr_ldap_option.c&r2=125506
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Tue Jan 18 05:49:09 2005
@@ -308,6 +308,7 @@
#if APR_HAS_NETSCAPE_LDAPSDK
#if APR_HAS_LDAP_SSL_CLIENT_INIT
+ const char *nickname = NULL;
const char *secmod = NULL;
const char *key3db = NULL;
const char *cert7db = NULL;
@@ -324,6 +325,9 @@
case APR_LDAP_CERT_TYPE_KEY3_DB:
key3db = cert->path;
break;
+ case APR_LDAP_CERT_TYPE_NICKNAME:
+ nickname = cert->path;
+ break;
default:
result->rc = -1;
result->reason = "LDAP: The Netscape/Mozilla LDAP SDK only "
@@ -339,7 +343,17 @@
/* actually set the certificate parameters */
if (result->rc == LDAP_SUCCESS) {
- if (secmod) {
+ if (nickname) {
+ result->rc = ldapssl_enable_clientauth(ldap, "",
+ cert->password,
+ nickname);
+ if (result->rc != LDAP_SUCCESS) {
+ result->reason = "LDAP: could not set client certificate: "
+ "ldapssl_enable_clientauth() failed.";
+ result->msg = ldap_err2string(result->rc);
+ }
+ }
+ else if (secmod) {
result->rc = ldapssl_advclientauth_init(cert7db, NULL,
key3db ? 1 : 0, key3db, NULL,
1, secmod, LDAPSSL_AUTH_CNCHECK);
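Review bot: `cert->password` in the `ldapssl_enable_clientauth()` call is read from whatever `cert` points at when this block runs, whereas `nickname` was captured earlier in the `APR_LDAP_CERT_TYPE_NICKNAME` case. If `cert` is the cursor of the loop around that switch (the loop is outside the hunk), the password handed to the SDK may belong to a different entry than the nickname. Capture both together in the case, `nickname = cert->path; password = cert->password;`, declare `const char *password = NULL;` beside the other locals, and pass `password` here. Because the nickname branch is chained ahead of `secmod` with `else if`, a configuration that supplies both skips the database initialisation without any error; a comment saying whether that is intended would help. The enclosing function starts and ends outside the hunk.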