From 5f5d50aeb07810eff42aef8155a17457958e970e Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sun, 5 Sep 2004 07:21:20 +0000 Subject: [PATCH] Add TLS cipher suite directive to ldap.conf(5) --- doc/man/man5/ldap.conf.5 | 5 +++++ libraries/libldap/init.c | 13 +++++++------ libraries/libldap/tls.c | 1 + 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 index 5c75bc62c9..0821a62db0 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 @@ -220,6 +220,11 @@ file. Currently, the private key must not be protected with a password, so it is of critical importance that the key file is protected carefully. This is a user\-only option. .TP +.B TLS_CIPHER_SUITE +Specifies acceptable cipher suite and preference order. + should be a cipher specification for OpenSSL, +e.g., HIGH:MEDIUM:+SSLv2. +.TP .B TLS_RANDFILE Specifies the file to obtain random bits from when /dev/[u]random is not available. Generally set to the name of the EGD/PRNGD socket. diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c index 7e88825da4..81938ec9ad 100644 --- a/libraries/libldap/init.c +++ b/libraries/libldap/init.c 
@@ -91,12 +91,13 @@ static const struct ol_attribute {
 #endif
 #ifdef HAVE_TLS
- {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE},
- {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE},
- {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE},
- {0, ATTR_TLS, "TLS_CACERTDIR",NULL, LDAP_OPT_X_TLS_CACERTDIR},
- {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT},
- {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
+ {1, ATTR_TLS, "TLS_CERT", NULL, LDAP_OPT_X_TLS_CERTFILE},
+ {1, ATTR_TLS, "TLS_KEY", NULL, LDAP_OPT_X_TLS_KEYFILE},
+ {0, ATTR_TLS, "TLS_CACERT", NULL, LDAP_OPT_X_TLS_CACERTFILE},
+ {0, ATTR_TLS, "TLS_CACERTDIR", NULL, LDAP_OPT_X_TLS_CACERTDIR},
+ {0, ATTR_TLS, "TLS_REQCERT", NULL, LDAP_OPT_X_TLS_REQUIRE_CERT},
+ {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
+ {0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE},
 #endif
 {0, ATTR_NONE, NULL, NULL, 0}
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index dfbace08f7..080989081f 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1065,6 +1065,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
 case LDAP_OPT_X_TLS_CERTFILE:
 case LDAP_OPT_X_TLS_KEYFILE:
 case LDAP_OPT_X_TLS_RANDOM_FILE:
+ case LDAP_OPT_X_TLS_CIPHER_SUITE:
 return ldap_pvt_tls_set_option( ld, option, (void *) arg );
 case LDAP_OPT_X_TLS_REQUIRE_CERT:
-- 
2.39.5
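Review bot: The six removed and re-added TLS_* entries differ from their originals only in whitespace (`"TLS_CACERTDIR",NULL` gains a space), so the single substantive line, `{0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE},`, is buried in an alignment rewrite; keeping re-indentation in a separate commit keeps blame useful for a security-relevant knob. The first column looks like the user-only flag (TLS_CERT and TLS_KEY carry 1, the remaining TLS entries 0), so the 0 here presumably lets the system-wide ldap.conf set the cipher suite, which is the right place for a site policy, but that reading should be confirmed against the struct definition, which is outside the hunk. A one-line comment above the block would spare the next reader the same inference, e.g. `/* column 1: 1 = honoured only from the user's own config */` once the meaning is verified. The `attrs[]` initializer starts and ends outside the hunk.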
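Review bot: Routing `LDAP_OPT_X_TLS_CIPHER_SUITE` through the same `ldap_pvt_tls_set_option` path as the file-name options means the config-supplied cipher string is not checked in this function at all; whether an unparseable list is rejected when the SSL context is built is not visible in the hunk and should be confirmed, because an administrator who mistypes a restrictive list must get a hard TLS failure rather than a silent fall-back to the library default suite. If that validation happens elsewhere, a short comment on the new case label would document the contract, e.g. `/* cipher spec is validated when the TLS context is created, not here */`. The body of ldap_int_tls_config begins and ends outside the hunk.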