I would suggest that all of the SDKs call ldapssl_init() rather than ldap_init(). At least according to the Novell documentation, calling ldapssl_init(,,0) is equivalent to calling ldap_init(), and you won't have the problems you would have if another ldap call is made between the calls to ldap_init() and ldapssl_install_routines(). It also appears that start_tls() doesn't work, at least on the Novell SDK, if ldap_init()->ldapssl_install_routines() is called instead of ldapssl_init().
Brad >>> [EMAIL PROTECTED] Monday, January 10, 2005 11:59:34 AM >>> Author: bnicholes Date: Mon Jan 10 10:59:32 2005 New Revision: 124821 URL: http://svn.apache.org/viewcvs?view=rev&rev=124821 Log: -Since the apr_ldap_opt_tls_cert_t* structure is call be used as a linked list, make sure that it initialized to NULL before passing it into apr_ldap_set_option(). Otherwise the code will try to follow garbage links. -Use the correct APR_LDAP_OPT_TLS_CERT #define when calling apr_ldap_set_option() to add a certificate. -For the Novell LDAP SDK, always initialize the connection with ldapssl_init() function. Suggest that all SDKs do the same. Modified: apr/apr-util/trunk/ldap/apr_ldap_init.c Modified: apr/apr-util/trunk/ldap/apr_ldap_init.c Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_init.c?view=diff&rev=124821&p1=apr/apr-util/trunk/ldap/apr_ldap_init.c&r1=124820&p2=apr/apr-util/trunk/ldap/apr_ldap_init.c&r2=124821
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_init.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_init.c Mon Jan 10 10:59:32 2005
@@ -65,10 +65,10 @@
 /* if a certificate was specified, set it */
 if (cert_auth_file) {
- apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_palloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
+ apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_pcalloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
 cert->type = cert_file_type;
 cert->path = cert_auth_file;
- return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS, (void *)cert, result_err);
+ return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT, (void *)cert, result_err);
 }
 #else /* not compiled with SSL Support */
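Review bot: The switch to apr_pcalloc() on the `cert` allocation is load-bearing but reads like a cosmetic change, and nothing in the code says why the zeroing matters. Per the commit log, apr_ldap_set_option() treats this structure as a linked list, so an uninitialised link field would be followed as a pointer into pool garbage. A comment above the allocation would keep a later cleanup from reverting it, for example `/* must be zeroed: apr_ldap_set_option() walks this as a list until it reaches NULL */`. The cast on the apr_pcalloc() result is not needed in C and could be dropped at the same time. The enclosing function starts and ends outside the hunk.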
@@ -144,7 +144,16 @@
 apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
 *result_err = result;
+#if APR_HAS_NOVELL_LDAPSDK
+ if (secure == APR_LDAP_SSL) {
+ *ldap = ldapssl_init(hostname, portno, 1);
+ }
+ else {
+ *ldap = ldapssl_init(hostname, portno, 0);
+ }
+#else
 *ldap = ldap_init((char *)hostname, portno);
+#endif
 if (*ldap != NULL) {
 return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
 }
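Review bot: A TLS setup failure after the new init branch still leaves a live handle in `*ldap`: when `secure` is anything other than APR_LDAP_SSL the Novell path calls `ldapssl_init(hostname, portno, 0)`, so the connection starts out plain and is protected only if the following apr_ldap_set_option(APR_LDAP_OPT_TLS) call succeeds. The status is returned, but a caller that uses `*ldap` without checking it would bind in cleartext; releasing the handle and setting `*ldap` to NULL on failure makes that path fail closed. This assumes apr_ldap_set_option() reports success as APR_SUCCESS, which the hunk does not show. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: result_err setup and the ldapssl_init()/ldap_init() selection … */
if (*ldap != NULL) {
    int rc = apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
    if (rc != APR_SUCCESS) {
        /* fail closed: never hand back a handle whose TLS setup failed */
        ldap_unbind_s(*ldap);
        *ldap = NULL;
    }
    return rc;
}
```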