--On November 13, 2014 at 9:49:19 PM +0000 Viktor Dukhovni <[email protected]> wrote:

On Thu, Nov 13, 2014 at 01:04:31PM -0800, Quanah Gibson-Mount wrote:

> Personally, I would prefer to see support for reporting TLS features
> of LDAP servers as a verbosity feature in ldapsearch or similar.

It's already scheduled to go into OpenLDAP.  Can't talk for other LDAP
projects.  I.e., it'll definitely be part of OpenLDAP 2.5 and later.
I'll be discussing with the other OpenLDAP folks if we can put it into
2.4.41 as well. However, not everyone uses the ldapsearch from OpenLDAP,
so it doesn't solve the problem in general.

Not everyone has OpenSSL.  Since the wire protocol for LDAP is not
friendly to text-based user interaction (like HTTP, SMTP, IMAP,
...), I think LDAP is a poor fit for s_client/s_server.

I can throw some sample Perl Net::SSLeay code your way if you like,
and you can add the LDAP STARTTLS support by negotiating the
appropriate LDAP protocol bits before launching into an SSL handshake.
Then you have a flexible tool to which you can easily add features.

I backported the code out of OpenLDAP head for my openldap builds, which will resolve my needs at least. ;) It would be cool to have the Net::SSLeay code as well, however, for other tests I'd like to set up.

Thanks!

--Quanah

--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
