and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
+.B LDAP_OPT_X_TLS_CIPHER
+Gets the cipher being used on an established TLS session.
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller using
+.BR ldap_memfree (3).
+.TP
.B LDAP_OPT_X_TLS_CIPHER_SUITE
Sets/gets the allowed cipher suite.
.BR invalue
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
-Ignored by GnuTLS and Mozilla NSS.
+Ignored by Mozilla NSS.
+.TP
+.B LDAP_OPT_X_TLS_ECNAME
+Gets/sets the name of the curve used for
+elliptic curve key exchanges.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller using
+.BR ldap_memfree (3).
+Ignored by GnuTLS and Mozilla NSS. In GnuTLS a curve may be selected
+in the cipher suite specification.
.TP
.B LDAP_OPT_X_TLS_KEYFILE
Sets/gets the full-path of the certificate key file.
When using the OpenSSL library this is an SSL*. When using other
crypto libraries this is a pointer to an OpenLDAP private structure.
Applications generally should not use this option.
+.TP
+.B LDAP_OPT_X_TLS_VERSION
+Gets the TLS version being used on an established TLS session.
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller using
+.BR ldap_memfree (3).
.SH ERRORS
On success, the functions return
.BR LDAP_OPT_SUCCESS ,
#define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
#define LDAP_OPT_X_TLS_PACKAGE 0x6011
#define LDAP_OPT_X_TLS_ECNAME 0x6012
+#define LDAP_OPT_X_TLS_VERSION 0x6013 /* read-only */
+#define LDAP_OPT_X_TLS_CIPHER 0x6014 /* read-only */
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
case LDAP_OPT_X_TLS_CONNECT_ARG:
*(void **)arg = lo->ldo_tls_connect_arg;
break;
+ case LDAP_OPT_X_TLS_VERSION: {
+ void *sess = NULL;
+ const char *retval = NULL;
+ if ( ld != NULL ) {
+ LDAPConn *conn = ld->ld_defconn;
+ if ( conn != NULL ) {
+ Sockbuf *sb = conn->lconn_sb;
+ sess = ldap_pvt_tls_sb_ctx( sb );
+ if ( sess != NULL )
+ retval = ldap_pvt_tls_get_version( sess );
+ }
+ }
+ *(char **)arg = retval ? LDAP_STRDUP( retval ) : NULL;
+ break;
+ }
+ case LDAP_OPT_X_TLS_CIPHER: {
+ void *sess = NULL;
+ const char *retval = NULL;
+ if ( ld != NULL ) {
+ LDAPConn *conn = ld->ld_defconn;
+ if ( conn != NULL ) {
+ Sockbuf *sb = conn->lconn_sb;
+ sess = ldap_pvt_tls_sb_ctx( sb );
+ if ( sess != NULL )
+ retval = ldap_pvt_tls_get_cipher( sess );
+ }
+ }
+ *(char **)arg = retval ? LDAP_STRDUP( retval ) : NULL;
+ break;
+ }
+
default:
return -1;
}
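Review bot: In both new cases a failed `LDAP_STRDUP` and "no TLS session on `ld->ld_defconn`" give the same result, `*(char **)arg == NULL` followed by `break`, so a caller that reads LDAP_OPT_X_TLS_VERSION or LDAP_OPT_X_TLS_CIPHER to enforce a minimum protocol or cipher policy cannot tell an allocation failure from a connection without TLS. After each assignment I would add `if ( retval != NULL && *(char **)arg == NULL ) return -1;`, matching the `default:` error return. The man page entries for the two options should also state that NULL is stored when no TLS session is established, so that callers treat it as a failed check rather than skipping the check. The two case bodies differ only in the getter they call (`ldap_pvt_tls_get_version` vs `ldap_pvt_tls_get_cipher`) and could share one static helper that takes the getter as a function pointer. The enclosing switch and function start outside this hunk, so the success return after `break` is inferred rather than visible.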