Posted to commits@apr.apache.org by co...@apache.org on 2010/02/24 04:31:18 UTC
svn commit: r915649 - in /apr/apr/trunk: CHANGES ldap/apr_ldap_option.c
Author: covener
Date: Wed Feb 24 03:31:18 2010
New Revision: 915649
URL: http://svn.apache.org/viewvc?rev=915649&view=rev
Log:
When an individual LDAP connection is to have a different SSL environment
than the global (ldap == NULL) options, we have to tell openldap via
LDAP_OPT_X_TLS_NEWCTX.
Modified:
apr/apr/trunk/CHANGES
apr/apr/trunk/ldap/apr_ldap_option.c
Modified: apr/apr/trunk/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/trunk/CHANGES?rev=915649&r1=915648&r2=915649&view=diff
==============================================================================
--- apr/apr/trunk/CHANGES [utf-8] (original)
+++ apr/apr/trunk/CHANGES [utf-8] Wed Feb 24 03:31:18 2010
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes for APR 2.0.0
+ *) Enable per-connection LDAP client certificates for
+ openldap by requesting a new SSL context. [Eric Covener]
+
*) Support connecttimeout, readtimeout and writetimeout MySQL options
PR 48251 [Marko Kevac <marko kevac.org>]
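Review bot: the CHANGES entry under-describes the behavioural change: the accompanying apr_ldap_option.c hunk makes per-connection certificate settings an outright error on OpenLDAP SDKs that lack LDAP_OPT_X_TLS_NEWCTX, so the note should say that a sufficiently recent OpenLDAP SDK is now required for per-connection certs. Suggest something like "*) Enable per-connection LDAP client certificates for openldap by requesting a new SSL context (requires an OpenLDAP SDK that defines LDAP_OPT_X_TLS_NEWCTX). [Eric Covener]".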
Modified: apr/apr/trunk/ldap/apr_ldap_option.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/ldap/apr_ldap_option.c?rev=915649&r1=915648&r2=915649&view=diff
==============================================================================
--- apr/apr/trunk/ldap/apr_ldap_option.c (original)
+++ apr/apr/trunk/ldap/apr_ldap_option.c Wed Feb 24 03:31:18 2010
@@ -578,6 +578,15 @@
/* OpenLDAP SDK */
#if APR_HAS_OPENLDAP_LDAPSDK
#ifdef LDAP_OPT_X_TLS_CACERTFILE
+#ifndef LDAP_OPT_X_TLS_NEWCTX
+ if (ldap) {
+ result->reason = "LDAP: The OpenLDAP SDK cannot support the setting "
+ "of certificates or keys on a per connection basis.";
+ result->rc = -1;
+ return;
+ }
+#endif
+
/* set one or more certificates */
/* FIXME: make it support setting directories as well as files */
for (i = 0; i < certs->nelts; i++) {
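Review bot: the early return inside the new #ifndef LDAP_OPT_X_TLS_NEWCTX block sets result->reason and result->rc = -1 but never touches result->msg, whereas the later path in this function fills msg from ldap_err2string(); a caller that reports msg will print whatever was in it before. Set result->msg explicitly on this path too (NULL or a short fixed string), and check that -1 rather than an LDAP_* code is what callers of this function compare rc against on failure, since the surrounding code tests result->rc against LDAP_SUCCESS.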
@@ -615,6 +624,15 @@
break;
}
}
+ /* Certificate settings are now configured, but we also need a new
+ * TLS context to be created. This applies to both gnuTLS and openssl
+ */
+ if (ldap && (result->rc == LDAP_SUCCESS)) {
+ int IS_SERVER = 0;
+ result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_NEWCTX, &IS_SERVER);
+ result->msg = ldap_err2string(result->rc);
+ }
+
#else
result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not "
"defined by this OpenLDAP SDK. Certificate "
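Review bot: the ldap_set_option(ldap, LDAP_OPT_X_TLS_NEWCTX, &IS_SERVER) call is compiled unconditionally, yet the first hunk explicitly anticipates SDKs where LDAP_OPT_X_TLS_NEWCTX is undefined; on such an SDK this line is a compile error, not the graceful runtime refusal the earlier hunk intends. Wrap the new block in #ifdef LDAP_OPT_X_TLS_NEWCTX ... #endif so the two guards agree. Minor: result->msg is assigned from ldap_err2string() even when rc == LDAP_SUCCESS, which is harmless but differs from the other paths that only set msg on error. The comment could also state the reason the log gives, that the per-connection certificate and key options set above do not take effect on this handle's TLS context until the new context is requested, so readers understand that omitting this call leaves the global TLS settings in use.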