Graham Leggett wrote:
On 19 Dec 2023, at 12:45, Graham Leggett <minfrin@sharp.fm> wrote:
A search in the openldap source shows we don’t yet support the OpenSSL3 provider OSSL_STORE_open() call, which takes a URL as a parameter.
I’m happy to patch the openldap client to support this; would it make sense to add an LDAP_OPT_X_TLS_URL option to ldap_option_set()?
Patch available here:
Looks a bit like a chicken'n'egg situation, why should anyone trust the connection that was used to retrieve certs and keys from the designated URI?
This allows replication in 389ds to be fixed, with the patch available here for anyone interested:
https://github.com/389ds/389-ds-base/pull/6021
Regards, Graham