3 * Copyright 2010-2011 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 #include "TlsOptions.h"
8 #include "LDAPException.h"
/*
 * One row of the option table below: the libldap option code that a
 * TlsOptions::tls_option maps to, and the kind of value (INT or STRING)
 * that option carries.  checkOpt() compares `type` against what the
 * calling accessor is about to pass before `optval` is ever handed to
 * ldap_set_option()/ldap_get_option().
 */
typedef struct tls_optmap {
    int optval;     /* LDAP_OPT_X_TLS_* code understood by libldap */
    opttype type;   /* value kind the accessors must use for this row */
} tls_optmap_t;
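/*
 * Option table, subscripted directly with a TlsOptions::tls_option value
 * (see the optmap[opt] reads in the accessors below).  The row order
 * therefore MUST match the order of the tls_option enumerators declared in
 * TlsOptions.h, starting with CACERTFILE; checkOpt() only admits indices in
 * [CACERTFILE, LASTOPT).  The table is read-only at runtime, so it is
 * declared const: nothing in this file writes to it, and a writable global
 * mapping of security-relevant option codes is an unnecessary target.
 */
static const tls_optmap_t optmap[] = {
    { LDAP_OPT_X_TLS_CACERTFILE,   STRING },
    { LDAP_OPT_X_TLS_CACERTDIR,    STRING },
    { LDAP_OPT_X_TLS_CERTFILE,     STRING },
    { LDAP_OPT_X_TLS_KEYFILE,      STRING },
    { LDAP_OPT_X_TLS_REQUIRE_CERT, INT    },
    { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT    },
    { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
    { LDAP_OPT_X_TLS_RANDOM_FILE,  STRING },
    { LDAP_OPT_X_TLS_CRLCHECK,     INT    },
    { LDAP_OPT_X_TLS_DHFILE,       STRING },
    /* newCtx() passes LDAP_OPT_X_TLS_NEWCTX to libldap directly rather
     * than through this row; whether this index is addressable via the
     * accessors depends on where LASTOPT sits in the enum in TlsOptions.h. */
    { LDAP_OPT_X_TLS_NEWCTX,       INT    }
};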
34 #if 0 /* not implemented currently */
35 static const int TLS_CRLFILE /* GNUtls only */
36 static const int TLS_SSL_CTX /* OpenSSL SSL* */
37 static const int TLS_CONNECT_CB
38 static const int TLS_CONNECT_ARG
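/*
 * Validate an option index before it is used to subscript optmap[].
 *
 * @param opt   caller-supplied TlsOptions::tls_option
 * @param type  the value kind (INT or STRING) the calling accessor will pass
 * @throws LDAPException(LDAP_PARAM_ERROR) when opt lies outside
 *         [CACERTFILE, LASTOPT), or when the option's table entry expects a
 *         different value kind than `type`.
 *
 * The range test must stay first: optmap[opt] is only safe to read once opt
 * is known to name a real row, and a caller may have cast an arbitrary int
 * into the enum type.
 */
static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
    if ( optmap[opt].type != type ){
        /* Name the kind that was actually expected; the previous text said
         * "string" even when an int accessor was the one that tripped. */
        throw( LDAPException( LDAP_PARAM_ERROR,
                    type == STRING ? "not a string option"
                                   : "not an int option" ) );
    }
}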
/*
 * Construct a TlsOptions with no connection handle.  m_ld is passed
 * straight to ldap_set_option()/ldap_get_option() by the accessors; a NULL
 * handle is presumably how libldap addresses its global (per-process) TLS
 * defaults — confirm against ldap_set_option(3).
 */
TlsOptions::TlsOptions()
    : m_ld( NULL )
{
}
/*
 * Construct a TlsOptions bound to a specific LDAP handle.
 *
 * @param ld  handle every accessor forwards to libldap; ownership stays
 *            with the caller, this object only stores the pointer.
 */
TlsOptions::TlsOptions( LDAP* ld )
    : m_ld( ld )
{
}
/*
 * Set a string-valued TLS option (certificate/key paths, cipher suite, ...).
 *
 * @param opt    option to set; must be a STRING row of optmap
 * @param value  new value; an empty string is forwarded as a NULL pointer
 *               rather than "" (presumably how the option is cleared —
 *               confirm against ldap_set_option(3))
 * @throws LDAPException via checkOpt() for a bad index or a non-string
 *         option, and via the void* overload when libldap rejects the set.
 */
void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
    checkOpt(opt, STRING);
    void *raw = NULL;
    if ( !value.empty() ) {
        /* ldap_set_option() takes a non-const void*; the cast only drops
         * const, the buffer is still owned by `value`. */
        raw = const_cast<char*>( value.c_str() );
    }
    this->setOption( opt, raw );
}
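/*
 * Set an int-valued TLS option (REQUIRE_CERT, PROTOCOL_MIN, CRLCHECK).
 *
 * @param opt    option to set; must be an INT row of optmap
 * @param value  new value, passed to libldap by address
 * @throws LDAPException via checkOpt() for a bad index or a non-int option,
 *         and via the void* overload when libldap rejects the set.
 *
 * checkOpt() runs before the table lookup in the void* overload so that an
 * out-of-range or string-typed option is rejected here, in the same way the
 * std::string overload rejects it.
 */
void TlsOptions::setOption( tls_option opt, int value ) const {
    checkOpt(opt, INT);
    /* The address of the by-value parameter is handed down; this assumes
     * libldap copies the int during the call and keeps no reference to it. */
    this->setOption( opt, (void*) &value);
}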
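/*
 * Low-level setter: forward an option to ldap_set_option() on m_ld.
 *
 * @param opt    option to set, used as the index into optmap
 * @param value  pointer in whatever form libldap expects for the option
 *               (int* for INT rows, char* for STRING rows, as the typed
 *               overloads use it)
 * @throws LDAPException(LDAP_PARAM_ERROR, "unknown Option") for an opt
 *         outside [CACERTFILE, LASTOPT); LDAPException(ret) when libldap
 *         returns a specific error code; LDAPException(LDAP_PARAM_ERROR)
 *         when it returns the generic LDAP_OPT_ERROR.
 *
 * This overload is reachable on its own, without passing through
 * checkOpt(), so it bounds the index itself: an unchecked opt would read
 * past the end of optmap[] and hand an arbitrary option code to libldap.
 */
void TlsOptions::setOption( tls_option opt, void *value ) const {
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
    int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
    if ( ret != LDAP_OPT_SUCCESS ){
        /* LDAP_OPT_ERROR carries no detail; anything else is a real
         * LDAP result code worth surfacing unchanged. */
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        }
        throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
    }
}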
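/*
 * Low-level getter: read an option through ldap_get_option() on m_ld.
 *
 * @param opt    option to read, used as the index into optmap
 * @param value  out-pointer libldap writes into: int* for INT rows, char**
 *               for STRING rows (see getIntOption()/getStringOption()).
 *               For STRING rows libldap is assumed to hand back a heap
 *               copy the caller must release with ldap_memfree() —
 *               confirm against ldap_get_option(3).
 * @throws LDAPException(LDAP_PARAM_ERROR, "unknown Option") for an opt
 *         outside [CACERTFILE, LASTOPT); LDAPException(ret) when libldap
 *         returns a specific error code; LDAPException(LDAP_PARAM_ERROR)
 *         when it returns the generic LDAP_OPT_ERROR.
 *
 * The index is bounded here as well as in checkOpt(): this overload can be
 * called directly, and optmap[opt] must not be read for an out-of-range opt.
 */
void TlsOptions::getOption( tls_option opt, void* value ) const {
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
    int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
    if ( ret != LDAP_OPT_SUCCESS ){
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        }
        throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
    }
}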
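/*
 * Read an int-valued TLS option (REQUIRE_CERT, PROTOCOL_MIN, CRLCHECK).
 *
 * @param opt  option to read; must be an INT row of optmap
 * @return     the value libldap reported
 * @throws LDAPException via checkOpt() for a bad index or a non-int option,
 *         and via getOption() when ldap_get_option() fails.
 *
 * The lookup goes through getOption() rather than calling ldap_get_option()
 * directly so that a failed read raises instead of silently returning an
 * indeterminate int — for REQUIRE_CERT that garbage could be mistaken for
 * a verification mode.  `value` is also initialised for the same reason.
 */
int TlsOptions::getIntOption( tls_option opt ) const {
    int value = 0;
    checkOpt(opt, INT);
    this->getOption( opt, (void*) &value );
    return value;
}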
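/*
 * Read a string-valued TLS option (certificate/key paths, cipher suite, ...).
 *
 * @param opt  option to read; must be a STRING row of optmap
 * @return     the value libldap reported, or "" when it reported NULL
 * @throws LDAPException via checkOpt() for a bad index or a non-string
 *         option, and via getOption() when ldap_get_option() fails.
 *
 * The read goes through getOption() so its return code is checked rather
 * than discarded.  The char* libldap writes is treated as a heap copy owned
 * by us and released with ldap_memfree() after it has been copied into the
 * std::string — confirm against ldap_get_option(3) for these options.
 */
std::string TlsOptions::getStringOption( tls_option opt ) const {
    char *value = NULL;
    checkOpt(opt, STRING);
    this->getOption( opt, (void*) &value );
    std::string strval;
    if ( value ) {
        strval = std::string( value );
        ldap_memfree( value );
    }
    return strval;
}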
/*
 * Ask libldap to build a fresh TLS context from the options currently set
 * on m_ld (LDAP_OPT_X_TLS_NEWCTX).  Option changes made through the
 * setters presumably only take effect after this call — confirm against
 * ldap_set_option(3).
 *
 * @throws LDAPException(ret) when libldap returns a specific error code;
 *         LDAPException(LDAP_LOCAL_ERROR) when it returns the generic
 *         LDAP_OPT_ERROR.
 */
void TlsOptions::newCtx() const {
    /* libldap reads this int as a server/client flag; 0 requests the
     * client-side flavour, which is the only one this wrapper uses. */
    int isServer = 0;
    int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &isServer );
    if ( ret == LDAP_OPT_SUCCESS ){
        return;
    }
    if ( ret == LDAP_OPT_ERROR ){
        throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
    }
    throw( LDAPException( ret ));
}