From: Ralf Haferkamp
Date: Thu, 22 Mar 2001 10:29:02 +0000 (+0000)
Subject: - The library now supports StartTLS. The patch was provided by Jeff Costlow
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1477
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6997f7a7ed283b5290aa27cb4c1d29a069d59793;p=openldap

- The library now supports StartTLS. The patch was provided by Jeff Costlow
---
diff --git a/contrib/ldapc++/src/LDAPAsynConnection.cpp b/contrib/ldapc++/src/LDAPAsynConnection.cpp
index d422dff332..79223c94e4 100644
--- a/contrib/ldapc++/src/LDAPAsynConnection.cpp
+++ b/contrib/ldapc++/src/LDAPAsynConnection.cpp
@@ -36,8 +36,8 @@ LDAPAsynConnection::LDAPAsynConnection(const string& hostname, int port,
 LDAPAsynConnection::~LDAPAsynConnection(){
 DEBUG(LDAP_DEBUG_DESTROY, "LDAPAsynConnection::~LDAPAsynConnection()" << endl);
- delete m_constr;
 unbind();
+ //delete m_constr;
 }
 void LDAPAsynConnection::init(const string& hostname, int port){
@@ -53,6 +53,10 @@ void LDAPAsynConnection::init(const string& hostname, int port){
 ldap_set_option(cur_session, LDAP_OPT_PROTOCOL_VERSION, &opt);
 }
+int LDAPAsynConnection::start_tls(){
+ return ldap_start_tls_s( cur_session, NULL, NULL );
+}
+
 LDAPMessageQueue* LDAPAsynConnection::bind(const string& dn, const string& passwd, const LDAPConstraints *cons){
 DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::bind()" << endl);
diff --git a/contrib/ldapc++/src/LDAPAsynConnection.h b/contrib/ldapc++/src/LDAPAsynConnection.h
index 899af2d15d..1b3edf497e 100644
--- a/contrib/ldapc++/src/LDAPAsynConnection.h
+++ b/contrib/ldapc++/src/LDAPAsynConnection.h
@@ -77,7 +77,7 @@ class LDAPAsynConnection{
 virtual ~LDAPAsynConnection();
 /**
- * Initzializes a connection to a server.
+ * Initializes a connection to a server.
 *
 * There actually no
 * communication to the server. Just the object is initialized
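Review bot: The destructor no longer frees `m_constr`: the `delete m_constr;` that ran before `unbind()` is removed and only a commented-out `//delete m_constr;` is left after it, with no explanation. If the reason is that `unbind()` still uses the constraints object, the delete can simply run after `unbind()`; if ownership has moved elsewhere, that is not visible in this hunk, and the dead line should be replaced by a comment naming who frees it, e.g. `// m_constr is released by <owner>; do not delete it here`. As written, each destroyed connection appears to leak its constraints object, and the change is not mentioned in the StartTLS commit message.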
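Review bot: `start_tls()` reports failure only through the `int` returned by `ldap_start_tls_s()`, so a caller that ignores it goes on to `bind()` over an unencrypted connection and sends the DN and password in clear. The neighbouring operations are documented as `@throws LDAPException`, so the fail-closed and consistent form is to check the result, `int rc = ldap_start_tls_s(cur_session, NULL, NULL);` followed by `if (rc != LDAP_SUCCESS) throw LDAPException(rc);` (assuming LDAPException can be built from a result code, which is not shown here). The wrapper `LDAPConnection::start_tls()` in LDAPConnection.cpp forwards the same unchecked value. Whether the server certificate is verified is not decided by this call; it depends on the TLS options in effect for the session (`LDAP_OPT_X_TLS_REQUIRE_CERT`), which this hunk does not set, so a comment above the call stating that expectation would help.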
@@ -89,6 +89,14 @@ class LDAPAsynConnection{
 */
 void init(const string& hostname, int port);
+ /**
+ * Start TLS on this connection. This isn't in the constructor,
+ * because it could fail (i.e. server doesn't have SSL cert, client
+ * api wasn't compiled against OpenSSL, etc.). If you need TLS,
+ * then you should error if this call fails with an error code.
+ */
+ int start_tls();
+
 /** Simple authentication to a LDAP-Server
 *
 * @throws LDAPException If the Request could not be sent to the
diff --git a/contrib/ldapc++/src/LDAPConnection.cpp b/contrib/ldapc++/src/LDAPConnection.cpp
index de83f32093..cc8d713d49 100644
--- a/contrib/ldapc++/src/LDAPConnection.cpp
+++ b/contrib/ldapc++/src/LDAPConnection.cpp
@@ -22,6 +22,10 @@ LDAPConnection::LDAPConnection(const string& hostname, int port,
 LDAPConnection::~LDAPConnection(){
 }
+
+int LDAPConnection::start_tls(){
+ return LDAPAsynConnection::start_tls();
+}
 void LDAPConnection::bind(const string& dn, const string& passwd, LDAPConstraints* cons){
diff --git a/contrib/ldapc++/src/LDAPConnection.h b/contrib/ldapc++/src/LDAPConnection.h
index 7016665fe3..c40b444318 100644
--- a/contrib/ldapc++/src/LDAPConnection.h
+++ b/contrib/ldapc++/src/LDAPConnection.h
@@ -68,6 +68,14 @@ class LDAPConnection : private LDAPAsynConnection {
 */
 void init(const string& hostname, int port);
+ /**
+ * Start TLS on this connection. This isn't in the constructor,
+ * because it could fail (i.e. server doesn't have SSL cert, client
+ * api wasn't compiled against OpenSSL, etc.). If you need TLS,
+ * then you should error if this call fails with an error code.
+ */
+ int start_tls();
+
 /**
 * Performs a simple authentication with the server
 *
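Review bot: The new doc comment on `start_tls()` does not say what the returned `int` means or when the call has to be made. I would add `@return LDAP_SUCCESS if TLS was negotiated, otherwise an LDAP result code` and a sentence that it must be called after `init()` and before `bind()`, because a bind issued first sends the credentials unencrypted. The "i.e." introduces examples and should read "e.g."; the same comment is repeated verbatim in LDAPConnection.h and needs the same additions.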