// $OpenLDAP$
/*
- * Copyright 2010, OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 2010-2011 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
static const int TLS_CONNECT_ARG
#endif
-void checkOpt( TlsOptions::tls_option opt, opttype type ){
- if ( opt >= sizeof(optmap) ){
+static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
+ if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
}
}
}
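Review bot: The new bound in `checkOpt` is only correct while `optmap` holds exactly `TlsOptions::LASTOPT` entries in enum order, and nothing visible in this hunk ties the two together. A comment beside the table, such as `// one entry per TlsOptions::tls_option, in enum order; LASTOPT must stay last`, would stop a later enum addition from turning `optmap[opt]` into an out-of-bounds read. The definition of `optmap` and the rest of `checkOpt` (the type comparison) are outside the hunk, so this may already be stated there.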
+TlsOptions::TlsOptions() : m_ld(NULL) {}
+
TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { }
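Review bot: The added default constructor leaves `m_ld` as NULL, and the setters pass that handle straight to `ldap_set_option`, which libldap treats as a change to the process-wide defaults rather than to one connection. That scope is not documented here, so a caller loosening a TLS setting through a default-constructed object would silently affect every handle created afterwards. I would add a comment on the constructor, for example `// m_ld == NULL: options are applied to libldap's global defaults, not to a single connection`.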
-void TlsOptions::setOption( tls_option opt, const std::string& value ) {
+void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
checkOpt(opt, STRING);
- this->setOption( opt, (void*) value.c_str());
+ this->setOption( opt, value.empty() ? NULL : (void*) value.c_str() );
}
-void TlsOptions::setOption( tls_option opt, int value ) {
+void TlsOptions::setOption( tls_option opt, int value ) const {
checkOpt(opt, INT);
this->setOption( opt, (void*) &value);
}
-void TlsOptions::setOption( tls_option opt, void *value ) {
+void TlsOptions::setOption( tls_option opt, void *value ) const {
int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
if ( ret != LDAP_OPT_SUCCESS )
{
throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
}
}
+ this->newCtx();
}
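Review bot: `setOption( tls_option, void* )` indexes `optmap[opt]` without any range check, unlike the string and int overloads above it, which call `checkOpt` first. `getOption( tls_option, void* )` further down does the same. If these overloads can be called directly (their access level is declared outside this page), an out-of-range `opt` reads past the table before `ldap_set_option` or `ldap_get_option` sees it. Repeating the range test at the top of both would close that: `if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ) throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );`. Part of this function's body is elided between the `throw` and `this->newCtx()`, so the exact error branch is not visible here.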
-void TlsOptions::getOption( tls_option opt, void* value ){
+void TlsOptions::getOption( tls_option opt, void* value ) const {
int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
if ( ret != LDAP_OPT_SUCCESS )
{
return strval;
}
+void TlsOptions::newCtx() const {
+ int val = 0;
+ int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &val);
+ if ( ret != LDAP_OPT_SUCCESS )
+ {
+ if ( ret != LDAP_OPT_ERROR ){
+ throw( LDAPException( ret ));
+ } else {
+ throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
+ }
+ }
+}
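Review bot: `newCtx()` needs a short doc comment, because `setOption` now calls it after each single option is stored and so the TLS context is rebuilt against whatever partial configuration exists at that moment. If the library rejects an incomplete combination (an assumption, not shown on this page), `setOption` throws `LDAP_LOCAL_ERROR` even though the option itself was already applied. Callers should be told that a failure here does not roll the option back. The literal also deserves a comment, for example `int val = 0; // 0 = create a client-side context; non-zero requests a server context`.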