https://bugzilla.novell.com/show_bug.cgi?id=662949
https://bugzilla.novell.com/show_bug.cgi?id=662949#c5
Ralf Haferkamp changed:
What       |Removed            |Added
----------------------------------------------------------------------------
AssignedTo |rhafer@novell.com  |jsuchome@novell.com
--- Comment #5 from Ralf Haferkamp 2011-01-10 13:54:18 CET ---
Implementing the TLS Settings in ldap-agent doesn't seem to be very hard. I
have, however, a hard time integrating that into Ldap.ycp (and ldap-client) in
general, as I don't know that code well enough. It would be nice if you could
take a look at that.
To change the TLS Settings you can use the TlsOptions Class of the LDAP C++
library (as it is available on Factory).
To change the options globally (for all new LDAPConnections) you just
instantiate a TlsOptions object and call setOption like this:

    // cacertfile and cacertdir are strings holding the CA file and CA directory paths
    TlsOptions tls;
    tls.setOption( TlsOptions::CACERTFILE, cacertfile );
    tls.setOption( TlsOptions::CACERTDIR, cacertdir );
    tls.setOption( TlsOptions::REQUIRE_CERT, TlsOptions::DEMAND );

To change the TLS Setting of an existing LDAPConnection object you need to
construct the TlsOptions Object like this:

    TlsOptions tls = ldap->getTlsOptions();

Note that changing the TLS options only works before SSL/TLS on an LDAP
connection has been established (and that's probably the hard part, but there
is not much I can change about that). I.e. you must change the TlsOptions
before the first call to start_tls().
That means that in order to apply changed TLS settings when the LDAP agent has
already established an SSL/TLS connection you need to close and destroy that
connection (unbind()) and create a new one.
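
The reconnect rule from the comment above, as an added example that is not part of the original mail or of the LDAP C++ library. TlsSettings, StubConnection and AgentSession are hypothetical stand-ins that model the ordering constraint (options before start_tls(), otherwise unbind and reconnect); the path is constructed.

```cpp
// Added example: StubConnection stands in for a real LDAP connection (assumption).
#include <memory>
#include <stdexcept>
#include <string>

struct TlsSettings {              // hypothetical holder for the three options in the comment
    std::string cacertfile, cacertdir;
    bool demandCert = true;       // models REQUIRE_CERT = DEMAND
    bool operator==(const TlsSettings& o) const {
        return cacertfile == o.cacertfile && cacertdir == o.cacertdir && demandCert == o.demandCert; }
};

class StubConnection {            // hypothetical model of one connection's TLS lifecycle
    TlsSettings tls_;
    bool tlsUp_ = false;
public:
    void setTls(const TlsSettings& s) {
        // Models the rule from the comment: options must be set before start_tls().
        if (tlsUp_) throw std::logic_error("TLS already established");
        tls_ = s;
    }
    void startTls() { tlsUp_ = true; }
    bool tlsUp() const { return tlsUp_; }
    const TlsSettings& tls() const { return tls_; }
};

class AgentSession {              // hypothetical agent-side owner of the connection
    std::unique_ptr<StubConnection> conn_;
public:
    int reconnects = 0;
    // Apply settings; replace the connection if TLS is already up with other settings.
    void applyTls(const TlsSettings& wanted) {
        if (conn_ && conn_->tlsUp()) {
            if (conn_->tls() == wanted) return;   // unchanged: keep the session
            conn_.reset();                        // stands in for unbind() + destroy
            ++reconnects;
        }
        if (!conn_) conn_.reset(new StubConnection());
        conn_->setTls(wanted);                    // always before startTls()
        conn_->startTls();
    }
    const StubConnection& conn() const { return *conn_; }
};

int main() {
    AgentSession s; TlsSettings a; a.cacertfile = "/constructed/ca.pem";
    s.applyTls(a); s.applyTls(a);                 // second call is a no-op
    return s.reconnects;                          // exit status 0: no reconnect needed
}
```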