Philip Guenther wrote:
On Tue, 19 Aug 2008, Howard Chu wrote:
guenther@sendmail.com wrote:
...
TLS_PROTOCOL_MIN <major>,<minor>
Let's use US convention <major>.<minor>...
Ok.
C:
    struct ldap_tls_protocol { unsigned char major, minor; } val;
    val.major = 3;
    val.minor = 0;
    ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN, &val);
I would just use an int, and have the caller OR in the appropriate values.
So:
    /* force TLS 1.0 or later */
    ldap_set_option(ld, LDAP_OPT_TLS_PROTOCOL_MIN, (3 << 8) + 1);
The set_option interface requires a pointer. So
    min = (3 << 8) + 1;
    ldap_set_option(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, &min);
You could also define a few macros for the currently known versions.
Preferences on the format of those macros?
    #define LDAP_OPT_X_TLS_PROTOCOL_SSLv2   (2 << 8)
    #define LDAP_OPT_X_TLS_PROTOCOL_SSLv3   (3 << 8)
    #define LDAP_OPT_X_TLS_PROTOCOL_TLSv1_0 ((3 << 8) + 1)
    #define LDAP_OPT_X_TLS_PROTOCOL_TLSv1_1 ((3 << 8) + 2)
    #define LDAP_OPT_X_TLS_PROTOCOL_TLSv1_2 ((3 << 8) + 3)
?
Drop the 'v' and I think it'll be fine
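
Added example, not part of the original thread and not OpenLDAP code: a strict parser that turns the `<major>.<minor>` text form discussed above into the `(major << 8) + minor` int, plus the minimum-version check that encoding makes possible. The names `TLS_PROTO`, `tls_proto_parse` and `tls_proto_meets_min` are hypothetical, and limiting each component to 0..255 is an assumption that keeps integer order equal to protocol order.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

/* Hypothetical macro: the (major << 8) + minor encoding from the thread. */
#define TLS_PROTO(major, minor) (((major) << 8) + (minor))

/* Parse one decimal component in 0..255 and advance *s past its digits.
 * Returns -1 on empty input, a sign, leading whitespace or overflow. */
static int parse_component(const char **s)
{
    char *end;
    long v;

    if (!isdigit((unsigned char)**s))
        return -1;
    errno = 0;
    v = strtol(*s, &end, 10);
    if (errno != 0 || v > 255)
        return -1;
    *s = end;
    return (int)v;
}

/* Parse "<major>.<minor>" into the int encoding; -1 on malformed input.
 * Failing closed matters here: a silently accepted bad value could
 * configure a lower minimum than the administrator intended. */
int tls_proto_parse(const char *text)
{
    int major, minor;

    if (text == NULL || (major = parse_component(&text)) < 0)
        return -1;
    if (*text++ != '.')
        return -1;
    if ((minor = parse_component(&text)) < 0 || *text != '\0')
        return -1;
    return TLS_PROTO(major, minor);
}

/* Each component fits in one byte, so a plain integer comparison
 * orders versions correctly (3.0 < 3.1 < 3.3). */
int tls_proto_meets_min(int negotiated, int minimum)
{
    return negotiated >= minimum;
}
```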