You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by mi...@apache.org on 2005/01/19 14:54:17 UTC
svn commit: r125624 - /apr/apr-util/trunk/include/apr_ldap_option.h /apr/apr-util/trunk/ldap/apr_ldap_option.c
Author: minfrin
Date: Wed Jan 19 05:54:16 2005
New Revision: 125624
URL: http://svn.apache.org/viewcvs?view=rev&rev=125624
Log:
Change the parameter passed to set SSL certificates from a linked list
to an APR array, to make working with the API easier. Fix an oversight in
the Netscape certificate code which ignored client certificate passwords.
Modified:
apr/apr-util/trunk/include/apr_ldap_option.h
apr/apr-util/trunk/ldap/apr_ldap_option.c
Modified: apr/apr-util/trunk/include/apr_ldap_option.h
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/include/apr_ldap_option.h?view=diff&rev=125624&p1=apr/apr-util/trunk/include/apr_ldap_option.h&r1=125623&p2=apr/apr-util/trunk/include/apr_ldap_option.h&r2=125624
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_option.h (original)
+++ apr/apr-util/trunk/include/apr_ldap_option.h Wed Jan 19 05:54:16 2005
@@ -49,7 +49,7 @@
* This structure includes possible options to set certificates on
* system initialisation. Different SDKs have different certificate
* requirements, and to achieve this multiple certificates must be
- * specified at once.
+ * specified at once passed as an (apr_array_header_t *).
*
* Netscape:
* Needs the CA cert database (cert7.db), the client cert database (key3.db)
@@ -108,7 +108,6 @@
int type;
const char *path;
const char *password;
- apr_ldap_opt_tls_cert_t *next;
};
/**
Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?view=diff&rev=125624&p1=apr/apr-util/trunk/ldap/apr_ldap_option.c&r1=125623&p2=apr/apr-util/trunk/ldap/apr_ldap_option.c&r2=125624
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Wed Jan 19 05:54:16 2005
@@ -26,6 +26,7 @@
#include "apr_errno.h"
#include "apr_pools.h"
#include "apr_strings.h"
+#include "apr_tables.h"
#if APR_HAS_LDAP
@@ -302,7 +303,9 @@
static int option_set_cert(apr_pool_t *pool, LDAP *ldap,
const void *invalue, apr_ldap_err_t *result)
{
- apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)invalue;
+ apr_array_header_t *certs = (apr_array_header_t *)invalue;
+ struct apr_ldap_opt_tls_cert_t *ents = (struct apr_ldap_opt_tls_cert_t *)certs->elts;
+ int i = 0;
#if APR_HAS_LDAP_SSL
@@ -312,21 +315,23 @@
const char *secmod = NULL;
const char *key3db = NULL;
const char *cert7db = NULL;
+ const char *password = NULL;
/* set up cert7.db, key3.db and secmod parameters */
- while (cert) {
- switch (cert->type) {
+ for (i = 0; i < certs->nelts; i++) {
+ switch (ents[i].type) {
case APR_LDAP_CA_TYPE_CERT7_DB:
- cert7db = cert->path;
+ cert7db = ents[i].path;
break;
case APR_LDAP_CA_TYPE_SECMOD:
- secmod = cert->path;
+ secmod = ents[i].path;
break;
case APR_LDAP_CERT_TYPE_KEY3_DB:
- key3db = cert->path;
+ key3db = ents[i].path;
break;
case APR_LDAP_CERT_TYPE_NICKNAME:
- nickname = cert->path;
+ nickname = ents[i].path;
+ password = ents[i].password;
break;
default:
result->rc = -1;
@@ -338,14 +343,13 @@
if (result->rc != LDAP_SUCCESS) {
break;
}
- cert = cert->next;
}
/* actually set the certificate parameters */
if (result->rc == LDAP_SUCCESS) {
if (nickname) {
result->rc = ldapssl_enable_clientauth(ldap, "",
- cert->password,
+ password,
nickname);
if (result->rc != LDAP_SUCCESS) {
result->reason = "LDAP: could not set client certificate: "
@@ -407,41 +411,41 @@
}
}
/* set one or more certificates */
- while (LDAP_SUCCESS == result->rc && cert) {
+ for (i = 0; LDAP_SUCCESS == result->rc && i < certs->nelts; i++) {
/* Novell SDK supports DER or BASE64 files. */
- switch (cert->type) {
+ switch (ents[i].type) {
case APR_LDAP_CA_TYPE_DER:
- result->rc = ldapssl_add_trusted_cert((void *)cert->path,
+ result->rc = ldapssl_add_trusted_cert((void *)ents[i].path,
LDAPSSL_CERT_FILETYPE_DER);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_CA_TYPE_BASE64:
- result->rc = ldapssl_add_trusted_cert((void *)cert->path,
+ result->rc = ldapssl_add_trusted_cert((void *)ents[i].path,
LDAPSSL_CERT_FILETYPE_B64);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_CERT_TYPE_DER:
- result->rc = ldapssl_set_client_cert((void *)cert->path,
+ result->rc = ldapssl_set_client_cert((void *)ents[i].path,
LDAPSSL_CERT_FILETYPE_DER,
- (void*)cert->password);
+ (void*)ents[i].password);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_CERT_TYPE_BASE64:
- result->rc = ldapssl_set_client_cert((void *)cert->path,
+ result->rc = ldapssl_set_client_cert((void *)ents[i].path,
LDAPSSL_CERT_FILETYPE_B64,
- (void*)cert->password);
+ (void*)ents[i].password);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_KEY_TYPE_DER:
- result->rc = ldapssl_set_client_private_key((void *)cert->path,
+ result->rc = ldapssl_set_client_private_key((void *)ents[i].path,
LDAPSSL_CERT_FILETYPE_DER,
- (void*)cert->password);
+ (void*)ents[i].password);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_KEY_TYPE_BASE64:
- result->rc = ldapssl_set_client_private_key((void *)cert->path,
+ result->rc = ldapssl_set_client_private_key((void *)ents[i].path,
LDAPSSL_CERT_FILETYPE_B64,
- (void*)cert->password);
+ (void*)ents[i].password);
result->msg = ldap_err2string(result->rc);
break;
default:
@@ -453,7 +457,6 @@
if (result->rc != LDAP_SUCCESS) {
break;
}
- cert = cert->next;
}
#else
result->reason = "LDAP: ldapssl_client_init(), "
@@ -470,22 +473,22 @@
#ifdef LDAP_OPT_X_TLS_CACERTFILE
/* set one or more certificates */
/* FIXME: make it support setting directories as well as files */
- while (cert) {
+ for (i = 0; i < certs->nelts; i++) {
/* OpenLDAP SDK supports BASE64 files. */
- switch (cert->type) {
+ switch (ents[i].type) {
case APR_LDAP_CA_TYPE_BASE64:
result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTFILE,
- (void *)cert->path);
+ (void *)ents[i].path);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_CERT_TYPE_BASE64:
result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_CERTFILE,
- (void *)cert->path);
+ (void *)ents[i].path);
result->msg = ldap_err2string(result->rc);
break;
case APR_LDAP_KEY_TYPE_BASE64:
result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_KEYFILE,
- (void *)cert->path);
+ (void *)ents[i].path);
result->msg = ldap_err2string(result->rc);
break;
default:
@@ -497,7 +500,6 @@
if (result->rc != LDAP_SUCCESS) {
break;
}
- cert = cert->next;
}
#else
result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not "
@@ -542,3 +544,4 @@
}
#endif /* APR_HAS_LDAP */
+