author | Rich Megginson <rmeggins@redhat.com> | 2009-07-06 12:11:01 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2009-07-07 08:32:42 -0600 |
commit | 209521323f731daad54682fd98715f7b22c88c78 (patch) | |
tree | 74a1fa8df06641fe543c8518e4db4357ab610828 /ldap/servers/slapd/ssl.c | |
parent | 3116dbec570b65d2d0a1df5bd000f6e63439e8ee (diff) | |
OpenLDAP supportcleanup
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract away the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
Diffstat (limited to 'ldap/servers/slapd/ssl.c')
-rw-r--r-- | ldap/servers/slapd/ssl.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 6da15a02..5b107990 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -68,9 +68,12 @@
 #include "svrcore.h"
 #include "fe.h"
-#include <ldap_ssl.h> /* ldapssl_client_init */
 #include "certdb.h"
+#if !defined(USE_OPENLDAP)
+#include "ldap_ssl.h"
+#endif
+
 /* For IRIX... */
 #ifndef MAXPATHLEN
 #define MAXPATHLEN 1024
@@ -1241,6 +1244,21 @@ slapd_SSL_client_auth (LDAP* ld)
 "(no password). (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", errorCode, slapd_pr_strerror(errorCode));
 } else {
+#if defined(USE_OPENLDAP)
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, SERVER_KEY_NAME);
+ if (rc) {
+ slapd_SSL_warn("SSL client authentication cannot be used "
+ "unable to set the key to use to %s", SERVER_KEY_NAME);
+ }
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert_name);
+ if (rc) {
+ slapd_SSL_warn("SSL client authentication cannot be used "
+ "unable to set the cert to use to %s", cert_name);
+ }
+ /* not sure what else needs to be done for client auth - don't
+ currently have a way to pass in the password to use to unlock
+ the keydb - nor a way to disable caching */
+#else /* !USE_OPENLDAP */
 rc = ldapssl_enable_clientauth (ld, SERVER_KEY_NAME, pw, cert_name);
 if (rc != 0) {
 errorCode = PR_GetError();
@@ -1258,6 +1276,7 @@ slapd_SSL_client_auth (LDAP* ld)
 ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
 }
+#endif
 }
 } |
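Review bot: In the USE_OPENLDAP branch of slapd_SSL_client_auth, the result of the `LDAP_OPT_X_TLS_KEYFILE` call is overwritten by the `LDAP_OPT_X_TLS_CERTFILE` call, so a failure to set the key is only logged and `rc` can still end up 0. The function's return is outside this hunk, but if callers rely on `rc`, the connection may proceed without the intended client certificate while reporting success. Chaining the second call, `} else if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert_name)) != 0) {`, preserves the first failure. Printing `rc` in both warnings (and separating "cannot be used" from "unable to set" with a dash) would make them diagnosable. The added comment also says the keydb password and the session-cache setting are not handled in this branch, so a marker such as `/* TODO(OpenLDAP): pw unused here; SSL_NO_CACHE equivalent not applied */` would keep that gap easy to find.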