[389-devel] Re: Please review: OpenLDAP support
Rob Crittenden
rcritten at redhat.com
Wed Jul 8 12:53:58 UTC 2009
Howard Chu wrote:
> Howard Chu wrote:
>>
>>> Message: 1
>>> Date: Mon, 06 Jul 2009 13:20:22 -0600
>>> From: Rich Megginson<rmeggins at redhat.com>
>>
>>> Note - the patch does not contain the diffs for configure nor
>>> Makefile.in
>>> http://rmeggins.fedorapeople.org/0001-OpenLDAP-support.patch
>
> As noted in your patch, the OpenLDAP API doesn't provide any options to
> control SSL session caching. In the past I hacked that into my clients
> by retrieving the OpenSSL context handles and using the OpenSSL API
> directly. Obviously that's not a viable way forward since we now have 3
> different TLS libraries to deal with. So, we will probably be adding a
> couple set_option() flags for this purpose Real Soon Now. If there's
> anything good or bad about the way MozLDAP handles this, let me know
> what you think...
>
> We'll also be providing a callback for obtaining the password for the
> private key... Again that's something we've ignored because OpenSSL has
> provided its own for so long.
>
libcurl has a similar SSL abstraction layer that works with OpenSSL,
GnuTLS and NSS. You might find some inspiration there.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20090708/cb406ba6/attachment.bin>
More information about the Fedora-directory-devel
mailing list