On Tue, October 31, 2006 1:25 am, Eric Covener wrote:

> Looks like the openldap 2.4 series (alpha) can support this by
> requesting a new openssl CTX
> (ldap_set_option(...,APR_LDAP_OPT_X_TLS_NEWCTX,...) but I had to
> explicitly call openssl's SSL_library_init(); before ldap_set_option
> or it died creating the new context.
>
> (with the added calls, test program works as expected in per-connection
> context)
>
> May be a limitation for util_ldap to not poke around in per-connection
> settings for (earlier than 2.4) openldap, and some rework to flip the
> right switches at the right time for 2.4 and better.

The logic to try and determine which behaviour to use with which LDAP SDK
was abstracted into apr-util, so ideally any toolkit-specific fix should
go in there.

Not having looked at the openldap SDK for a while - at what point do we
call ldap_set_option(...,APR_LDAP_OPT_X_TLS_NEWCTX,...) - is this done
just before connection? Or is it done when setting the client certificate?

Is it possible to post a diff of the code that made it work for you?

Regards,
Graham
--

