Diffstat (limited to 'ldap/servers/slapd/ssl.c')
-rw-r--r-- | ldap/servers/slapd/ssl.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 6da15a02..5b107990 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -68,9 +68,12 @@
 #include "svrcore.h"
 #include "fe.h"
-#include <ldap_ssl.h> /* ldapssl_client_init */
 #include "certdb.h"
+#if !defined(USE_OPENLDAP)
+#include "ldap_ssl.h"
+#endif
+
 /* For IRIX... */
 #ifndef MAXPATHLEN
 #define MAXPATHLEN 1024
@@ -1241,6 +1244,21 @@ slapd_SSL_client_auth (LDAP* ld)
 "(no password). (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", errorCode, slapd_pr_strerror(errorCode));
 } else {
+#if defined(USE_OPENLDAP)
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, SERVER_KEY_NAME);
+ if (rc) {
+ slapd_SSL_warn("SSL client authentication cannot be used "
+ "unable to set the key to use to %s", SERVER_KEY_NAME);
+ }
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert_name);
+ if (rc) {
+ slapd_SSL_warn("SSL client authentication cannot be used "
+ "unable to set the cert to use to %s", cert_name);
+ }
+ /* not sure what else needs to be done for client auth - don't
+ currently have a way to pass in the password to use to unlock
+ the keydb - nor a way to disable caching */
+#else /* !USE_OPENLDAP */
 rc = ldapssl_enable_clientauth (ld, SERVER_KEY_NAME, pw, cert_name);
 if (rc != 0) {
 errorCode = PR_GetError();
@@ -1258,6 +1276,7 @@ slapd_SSL_client_auth (LDAP* ld)
 ldapssl_set_option(ld, SSL_NO_CACHE, PR_TRUE);
 }
+#endif
 }
 }
|
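Review bot: In the new `USE_OPENLDAP` branch of `slapd_SSL_client_auth` (second hunk), a failed `LDAP_OPT_X_TLS_KEYFILE` call is only logged and its `rc` is then overwritten by the `LDAP_OPT_X_TLS_CERTFILE` call, so the value leaving the block can read as success right after a warning that client authentication cannot be used. Guard the second call, `if (rc == 0) { rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, cert_name); }`, keep its warning inside that guard, and print the return code in both messages (`"... to %s (rc %d)"`), so the first failure is the one reported. The branch also never uses `pw` and, as its own comment admits, does not disable session caching, whereas the NSS path in the third hunk sets `SSL_NO_CACHE`. Until that is resolved, the comment would be better as `/* TODO(openldap): key password is not passed and the session cache is not disabled, unlike the NSS path */`. The function begins and ends outside these hunks, so what happens to `rc` and `pw` afterwards cannot be checked from here.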