From: Kurt Zeilenga <kurt@openldap.org>
Date: Sun, 5 Sep 2004 07:21:20 +0000 (+0000)
Subject: Add TLS cipher suite directive to ldap.conf(5)
X-Git-Tag: OPENLDAP_REL_ENG_2_3_0ALPHA~567
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5f5d50aeb07810eff42aef8155a17457958e970e;p=openldap

Add TLS cipher suite directive to ldap.conf(5)
---

diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 5c75bc62c9..0821a62db0 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -220,6 +220,11 @@ file. Currently, the private key must not be protected with a password, so
 it is of critical importance that the key file is protected carefully. This
 is a user\-only option.
 .TP
+.B TLS_CIPHER_SUITE <cipher-suite-spec>
+Specifies acceptable cipher suite and preference order.
+<cipher-suite-spec> should be a cipher specification for OpenSSL,
+e.g., HIGH:MEDIUM:+SSLv2.
+.TP
 .B TLS_RANDFILE <filename>
 Specifies the file to obtain random bits from when /dev/[u]random is
 not available. Generally set to the name of the EGD/PRNGD socket.
diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
index 7e88825da4..81938ec9ad 100644
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@@ -91,12 +91,13 @@ static const struct ol_attribute {
 #endif
 
 #ifdef HAVE_TLS
-	{1, ATTR_TLS,		"TLS_CERT",		NULL,	LDAP_OPT_X_TLS_CERTFILE},
-	{1, ATTR_TLS,		"TLS_KEY",		NULL,	LDAP_OPT_X_TLS_KEYFILE},
-  	{0, ATTR_TLS,		"TLS_CACERT",	NULL,	LDAP_OPT_X_TLS_CACERTFILE},
-  	{0, ATTR_TLS,		"TLS_CACERTDIR",NULL,	LDAP_OPT_X_TLS_CACERTDIR},
-  	{0, ATTR_TLS,		"TLS_REQCERT",	NULL,	LDAP_OPT_X_TLS_REQUIRE_CERT},
-	{0, ATTR_TLS,		"TLS_RANDFILE",	NULL,	LDAP_OPT_X_TLS_RANDOM_FILE},
+	{1, ATTR_TLS,	"TLS_CERT",			NULL,	LDAP_OPT_X_TLS_CERTFILE},
+	{1, ATTR_TLS,	"TLS_KEY",			NULL,	LDAP_OPT_X_TLS_KEYFILE},
+  	{0, ATTR_TLS,	"TLS_CACERT",		NULL,	LDAP_OPT_X_TLS_CACERTFILE},
+  	{0, ATTR_TLS,	"TLS_CACERTDIR",	NULL,	LDAP_OPT_X_TLS_CACERTDIR},
+  	{0, ATTR_TLS,	"TLS_REQCERT",		NULL,	LDAP_OPT_X_TLS_REQUIRE_CERT},
+	{0, ATTR_TLS,	"TLS_RANDFILE",		NULL,	LDAP_OPT_X_TLS_RANDOM_FILE},
+	{0, ATTR_TLS,	"TLS_CIPHER_SUITE",	NULL,	LDAP_OPT_X_TLS_CIPHER_SUITE},
 #endif
 
 	{0, ATTR_NONE,		NULL,		NULL,	0}
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index dfbace08f7..080989081f 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1065,6 +1065,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
 	case LDAP_OPT_X_TLS_CERTFILE:
 	case LDAP_OPT_X_TLS_KEYFILE:
 	case LDAP_OPT_X_TLS_RANDOM_FILE:
+	case LDAP_OPT_X_TLS_CIPHER_SUITE:
 		return ldap_pvt_tls_set_option( ld, option, (void *) arg );
 
 	case LDAP_OPT_X_TLS_REQUIRE_CERT: