--On Friday, July 07, 2017 4:05 PM +0000 Daniel Le <daniel.le@exfo.com> wrote:

> Hi Quanah,
>
> I tried ldap_int_tls_config for RE24 in my app program as shown below and it didn't work.

Interesting. ;/ I wonder if there's something more in what you're doing outside of that code snippet that's causing the context to be lost. It clearly works with the code I've done (and in general with the client libraries).

> Additionally, I'm curious why you use ldap_int_tls_config instead of ldap_set_option?

ldap_set_option can't take "never" as an argument to LDAP_OPT_X_TLS_REQUIRE_CERT, but ldap_int_tls_config can. If I had used ldap_set_option, I would have needed to do a ton of code duplication for error checking. Similar for the LDAP_OPT_X_TLS_PROTOCOL_MIN and LDAP_OPT_X_TLS_CRLCHECK options. Much better to do code re-use. ;)

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com

Right, ldap_set_option doesn't take a string input argument. I implied an integer value such as LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_ALLOW, etc.
I have no doubt it works nicely in your case. Just trying to understand why it doesn't on my side.
Daniel

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Friday, July 07, 2017 11:20 AM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS