authorRich Megginson <rmeggins@redhat.com>2009-07-06 12:11:01 -0600
committerRich Megginson <rmeggins@redhat.com>2009-07-07 08:32:42 -0600
commit209521323f731daad54682fd98715f7b22c88c78 (patch)
tree74a1fa8df06641fe543c8518e4db4357ab610828 /ldap/servers/slapd/ssl.c
parent3116dbec570b65d2d0a1df5bd000f6e63439e8ee (diff)
OpenLDAP supportcleanup
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes: * #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks * where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract away the differences in the APIs * I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP * I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated * I removed some unused code NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
Diffstat (limited to 'ldap/servers/slapd/ssl.c')
-rw-r--r--ldap/servers/slapd/ssl.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 6da15a02..5b107990 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -68,9 +68,12 @@
#include "svrcore.h"
#include "fe.h"
-#include <ldap_ssl.h> /* ldapssl_client_init */
#include "certdb.h"
+#if !defined(USE_OPENLDAP)
+#include "ldap_ssl.h"
+#endif
+
/* For IRIX... */
#ifndef MAXPATHLEN
#define MAXPATHLEN 1024
@@ -1241,6 +1244,21 @@ slapd_SSL_client_auth (LDAP* ld)
"(no password). (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
errorCode, slapd_pr_strerror(errorCode));
} else {
+#if defined(USE_OPENLDAP)
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, SERVER_KEY_NAME);
+ if (rc) {
+ slapd_SSL_warn("SSL client authentication cannot be used "
+ "unable to set the key to use to %s", SERVER_KEY_NAME);
+ }
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert_name);
+ if (rc) {
+ slapd_SSL_warn("SSL client authentication cannot be used "
+ "unable to set the cert to use to %s", cert_name);
+ }
+ /* not sure what else needs to be done for client auth - don't
+ currently have a way to pass in the password to use to unlock
+ the keydb - nor a way to disable caching */
+#else /* !USE_OPENLDAP */
rc = ldapssl_enable_clientauth (ld, SERVER_KEY_NAME, pw, cert_name);
if (rc != 0) {
errorCode = PR_GetError();
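Review bot: In the USE_OPENLDAP branch of slapd_SSL_client_auth, the result of the `LDAP_OPT_X_TLS_KEYFILE` call is overwritten by the `LDAP_OPT_X_TLS_CERTFILE` call, so a failed key setting followed by a successful cert setting leaves `rc` at 0 with only a warning logged. The function continues outside the hunk; if anything there acts on `rc`, the connection would be treated as having client authentication configured when it does not. Making the second call conditional keeps the first failure visible: `if (rc == LDAP_OPT_SUCCESS) rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert_name);`. The two adjacent literals in each warning also concatenate to "cannot be used unable to set ...", so a separator such as `" - "` between them would make the log line readable. Unlike the Mozilla branch, this one never consumes `pw`, and the comment's open points (key database password, session caching) would be easier to track as a `/* TODO: ... */` that names both.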
@@ -1258,6 +1276,7 @@ slapd_SSL_client_auth (LDAP* ld)
ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
}
+#endif
}
}