3 * Copyright 2010-2013 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
14 #include "TlsOptions.h"
15 #include "LDAPException.h"
23 typedef struct tls_optmap {
28 static tls_optmap_t optmap[] = {
29 { LDAP_OPT_X_TLS_CACERTFILE, STRING },
30 { LDAP_OPT_X_TLS_CACERTDIR, STRING },
31 { LDAP_OPT_X_TLS_CERTFILE, STRING },
32 { LDAP_OPT_X_TLS_KEYFILE, STRING },
33 { LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
34 { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
35 { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
36 { LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
37 { LDAP_OPT_X_TLS_CRLCHECK, INT },
38 { LDAP_OPT_X_TLS_DHFILE, STRING },
39 { LDAP_OPT_X_TLS_NEWCTX, INT }
41 #if 0 /* not implemented currently */
42 static const int TLS_CRLFILE /* GNUtls only */
43 static const int TLS_SSL_CTX /* OpenSSL SSL* */
44 static const int TLS_CONNECT_CB
45 static const int TLS_CONNECT_ARG
48 static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
49 if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
50 throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
53 if ( optmap[opt].type != type ){
54 throw( LDAPException( LDAP_PARAM_ERROR, "not a string option" ) );
58 TlsOptions::TlsOptions() : m_ld(NULL) {}
60 TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { }
62 void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
63 checkOpt(opt, STRING);
65 case TlsOptions::CACERTFILE :
66 case TlsOptions::CERTFILE :
67 case TlsOptions::KEYFILE :
69 // check if the supplied file is actually readable
70 std::ifstream ifile(value.c_str());
72 throw( LDAPException( LDAP_LOCAL_ERROR, "Unable to open the supplied file for reading" ) );
76 case TlsOptions::CACERTDIR :
79 std::ostringstream msg;
81 int err = stat(value.c_str(),&st);
83 msg << strerror(errno);
86 if ( !S_ISDIR(st.st_mode) ){
87 msg << "The supplied path is not a directory.";
92 std::ostringstream errstr;
93 errstr << "Error while setting Certificate Directory (" << value << "): " << msg.str();
94 throw( LDAPException( LDAP_LOCAL_ERROR, errstr.str() ) );
99 this->setOption( opt, value.empty() ? NULL : (void*) value.c_str() );
102 void TlsOptions::setOption( tls_option opt, int value ) const {
104 this->setOption( opt, (void*) &value);
107 void TlsOptions::setOption( tls_option opt, void *value ) const {
108 int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
109 if ( ret != LDAP_OPT_SUCCESS )
111 if ( ret != LDAP_OPT_ERROR ){
112 throw( LDAPException( ret ));
114 throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
120 void TlsOptions::getOption( tls_option opt, void* value ) const {
121 int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
122 if ( ret != LDAP_OPT_SUCCESS )
124 if ( ret != LDAP_OPT_ERROR ){
125 throw( LDAPException( ret ));
127 throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
132 int TlsOptions::getIntOption( tls_option opt ) const {
135 ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
139 std::string TlsOptions::getStringOption( tls_option opt ) const {
141 checkOpt(opt, STRING);
142 ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
146 strval=std::string(value);
152 void TlsOptions::newCtx() const {
154 int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &val);
155 if ( ret != LDAP_OPT_SUCCESS )
157 if ( ret != LDAP_OPT_ERROR ){
158 throw( LDAPException( ret ));
160 throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );