LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
LDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
+LDAP_F (const char *) ldap_pvt_tls_get_peer LDAP_P(( void *handle ));
+LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
return ldap_pvt_tls_sb_handle( ld->ld_sb );
}
+int
+ldap_pvt_tls_get_strength( void *s )
+{
+ SSL_CIPHER *c;
+
+ c = SSL_get_current_cipher((SSL *)s);
+ return SSL_CIPHER_get_bits(c, NULL);
+}
+
+
const char *
-ldap_pvt_tls_get_peer( LDAP *ld )
+ldap_pvt_tls_get_peer( void *s )
{
- return NULL;
+ X509 *x;
+ X509_NAME *xn;
+ char buf[2048], *p;
+
+ x = SSL_get_peer_certificate((SSL *)s);
+
+ if (!x)
+ return NULL;
+
+ xn = X509_get_subject_name(x);
+ p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
+ X509_free(x);
+ return p;
}
const char *
-ldap_pvt_tls_get_peer_issuer( LDAP *ld )
+ldap_pvt_tls_get_peer_issuer( void *s )
{
+#if 0 /* currently unused; see ldap_pvt_tls_get_peer() if needed */
+ X509 *x;
+ X509_NAME *xn;
+ char buf[2048], *p;
+
+ x = SSL_get_peer_certificate((SSL *)s);
+
+ if (!x)
+ return NULL;
+
+ xn = X509_get_issuer_name(x);
+ p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
+ X509_free(x);
+ return p;
+#else
return NULL;
+#endif
}
int
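Review bot: ldap_pvt_tls_get_peer returns the subject DN of whatever certificate the peer presented, without checking that the certificate actually verified, yet the connection.c hunk below passes that string straight to slap_sasl_external as the authid; unless the SSL context is known to enforce SSL_VERIFY_PEER, an unverified subject would be reported as an authenticated identity. I would add `if (SSL_get_verify_result((SSL *)s) != X509_V_OK) { X509_free(x); return NULL; }` right after the `if (!x)` check, or at least document at the header declaration that the result is only an identity when the context requires client-certificate verification. The `const char *` return type also hides that the string is LDAP_STRDUP'd and owned by the caller (connection.c casts the const away and does not free it in the visible lines), so a comment such as `/* returns a malloc'd copy; caller must LDAP_FREE() it */` belongs on both the declaration and the definition. ldap_pvt_tls_get_strength should tolerate a NULL handle or an absent cipher — SSL_get_current_cipher() returns NULL before a handshake completes and a NULL s would be dereferenced inside it — e.g. `if (s == NULL || (c = SSL_get_current_cipher((SSL *)s)) == NULL) return 0;`. X509_NAME_oneline() silently truncates the DN at sizeof(buf) - 1, which is probably acceptable here but deserves a comment on the buf declaration.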
connection_close( c );
} else if ( rc == 0 ) {
+ void *ssl;
+ unsigned ssf;
+ char *authid;
+
c->c_needs_tls_accept = 0;
-#if 0
/* we need to let SASL know */
+ ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
+ ssf = (unsigned)ldap_pvt_tls_get_strength( ssl );
+ authid = (char *)ldap_pvt_tls_get_peer( ssl );
slap_sasl_external( c, ssf, authid );
-#endif
}
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );