On Tue, Oct 10, 2017 at 10:43:42AM +0000, ondra@openldap.org wrote:
URL: https://github.com/mistotebe/openldap/tree/its8753
A new libldap option LDAP_OPT_X_TLS_PEERKEY_HASH that accepts a string 'hashname/base64_hash_of_public_key'. If a TLS session is already present on the main connection, it is also checked immediately.
It introduces a dependency on liblutil by depending on the symbol lutil_b64_pton. Somehow, this breaks the build for the ldap* tools, not sure why or how to fix that yet.
A new version is now at the same place (see above); it moves the ldif.c in-place base64 decoding into a separate function and reuses that.
Other changes:
- pin hash algorithm separator changes to ':'
- pin can now be set from the environment
- can now better deal with connection freeing and/or changes to the global ldap options
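The pin string format discussed in this message ('hashname:base64_hash_of_public_key', using the ':' separator), shown as an added example that is not part of the original message or of the OpenLDAP patch: it parses a pin, rejects malformed ones, and compares it against a peer key in constant time. The function names, the list of accepted hash names, and hashing the raw DER public-key bytes are assumptions; the key bytes are constructed stand-ins.

```python
import base64
import hashlib
import hmac

# Digest lengths for the hash names this sketch accepts (an assumption;
# the message does not list which algorithms the patch supports).
DIGEST_SIZES = {"sha256": 32, "sha384": 48, "sha512": 64}


class PinError(ValueError):
    """Raised when a pin string is malformed."""


def parse_pin(pin):
    """Split 'hashname:base64digest' into (hashname, raw digest bytes)."""
    name, sep, b64 = pin.partition(":")
    if not sep:
        raise PinError("missing ':' separator")
    name = name.lower()
    if name not in DIGEST_SIZES:
        raise PinError("unsupported hash: %r" % name)
    try:
        digest = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise PinError("bad base64: %s" % exc) from exc
    if len(digest) != DIGEST_SIZES[name]:
        raise PinError("digest length does not match %s" % name)
    return name, digest


def make_pin(name, public_key_der):
    """Build the pin string for a peer public key (assumed DER bytes)."""
    digest = hashlib.new(name, public_key_der).digest()
    return "%s:%s" % (name, base64.b64encode(digest).decode("ascii"))


def peer_key_matches(pin, public_key_der):
    """True when the peer key hashes to the pinned digest."""
    name, expected = parse_pin(pin)
    actual = hashlib.new(name, public_key_der).digest()
    return hmac.compare_digest(actual, expected)  # constant-time compare


# Constructed stand-in bytes, not a real key.
SAMPLE_KEY = b"constructed-public-key-bytes-for-illustration"
OTHER_KEY = b"constructed-different-key"

if __name__ == "__main__":
    print(make_pin("sha256", SAMPLE_KEY))
```

A pin that fails to parse raises `PinError` rather than returning a non-match, so a misconfigured pin cannot be mistaken for a key mismatch or silently accepted.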