Author: minfrin Date: Tue Jan 18 05:49:09 2005 New Revision: 125506 URL: http://svn.apache.org/viewcvs?view=rev&rev=125506 Log: Add support for Netscape client certificates.
Modified: apr/apr-util/trunk/include/apr_ldap_option.h apr/apr-util/trunk/ldap/apr_ldap_option.c
Modified: apr/apr-util/trunk/include/apr_ldap_option.h
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/include/apr_ldap_option.h?view=diff&rev=125506&p1=apr/apr-util/trunk/include/apr_ldap_option.h&r1=125505&p2=apr/apr-util/trunk/include/apr_ldap_option.h&r2=125506
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_option.h (original)
+++ apr/apr-util/trunk/include/apr_ldap_option.h Tue Jan 18 05:49:09 2005
@@ -89,18 +89,19 @@
 * May have one or more client certificates set per connection with a type of
 * APR_LDAP_CERT*, and keys with APR_LDAP_KEY*.
 */
-#define APR_LDAP_CA_TYPE_UNKNOWN 0
-#define APR_LDAP_CA_TYPE_DER 1
-#define APR_LDAP_CA_TYPE_BASE64 2
-#define APR_LDAP_CA_TYPE_CERT7_DB 3
-#define APR_LDAP_CA_TYPE_SECMOD 4
-#define APR_LDAP_CERT_TYPE_UNKNOWN 5
-#define APR_LDAP_CERT_TYPE_DER 6
-#define APR_LDAP_CERT_TYPE_BASE64 7
-#define APR_LDAP_CERT_TYPE_KEY3_DB 8
-#define APR_LDAP_KEY_TYPE_UNKNOWN 9
-#define APR_LDAP_KEY_TYPE_DER 10
-#define APR_LDAP_KEY_TYPE_BASE64 11
+#define APR_LDAP_CA_TYPE_UNKNOWN 0
+#define APR_LDAP_CA_TYPE_DER 1
+#define APR_LDAP_CA_TYPE_BASE64 2
+#define APR_LDAP_CA_TYPE_CERT7_DB 3
+#define APR_LDAP_CA_TYPE_SECMOD 4
+#define APR_LDAP_CERT_TYPE_UNKNOWN 5
+#define APR_LDAP_CERT_TYPE_DER 6
+#define APR_LDAP_CERT_TYPE_BASE64 7
+#define APR_LDAP_CERT_TYPE_KEY3_DB 8
+#define APR_LDAP_CERT_TYPE_NICKNAME 9
+#define APR_LDAP_KEY_TYPE_UNKNOWN 10
+#define APR_LDAP_KEY_TYPE_DER 11
+#define APR_LDAP_KEY_TYPE_BASE64 12
 typedef struct apr_ldap_opt_tls_cert_t apr_ldap_opt_tls_cert_t;
 struct apr_ldap_opt_tls_cert_t {
Modified: apr/apr-util/trunk/ldap/apr_ldap_option.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/trunk/ldap/apr_ldap_option.c?view=diff&rev=125506&p1=apr/apr-util/trunk/ldap/apr_ldap_option.c&r1=125505&p2=apr/apr-util/trunk/ldap/apr_ldap_option.c&r2=125506
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_option.c (original)
+++ apr/apr-util/trunk/ldap/apr_ldap_option.c Tue Jan 18 05:49:09 2005
@@ -308,6 +308,7 @@
 #if APR_HAS_NETSCAPE_LDAPSDK
 #if APR_HAS_LDAP_SSL_CLIENT_INIT
+ const char *nickname = NULL;
 const char *secmod = NULL;
 const char *key3db = NULL;
 const char *cert7db = NULL;
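Review bot: Inserting `APR_LDAP_CERT_TYPE_NICKNAME` as 9 in the first hunk moves `APR_LDAP_KEY_TYPE_UNKNOWN`, `APR_LDAP_KEY_TYPE_DER` and `APR_LDAP_KEY_TYPE_BASE64` from 9, 10, 11 to 10, 11, 12, so a caller built against the previous header that passes key type 9 would be treated by the rebuilt library as a certificate nickname. Whether these values have already shipped in a release is not visible here; if they have, append the new constant instead, `#define APR_LDAP_CERT_TYPE_NICKNAME 12`, and leave the existing numbers untouched. The comment block above the list, which starts outside the hunk, should also state that for this type the `path` field holds the certificate nickname rather than a file path, since the .c change reads it from `cert->path`.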
@@ -324,6 +325,9 @@
 case APR_LDAP_CERT_TYPE_KEY3_DB:
 key3db = cert->path;
 break;
+ case APR_LDAP_CERT_TYPE_NICKNAME:
+ nickname = cert->path;
+ break;
 default:
 result->rc = -1;
 result->reason = "LDAP: The Netscape/Mozilla LDAP SDK only "
@@ -339,7 +343,17 @@
 /* actually set the certificate parameters */
 if (result->rc == LDAP_SUCCESS) {
- if (secmod) {
+ if (nickname) {
+ result->rc = ldapssl_enable_clientauth(ldap, "",
+ cert->password,
+ nickname);
+ if (result->rc != LDAP_SUCCESS) {
+ result->reason = "LDAP: could not set client certificate: "
+ "ldapssl_enable_clientauth() failed.";
+ result->msg = ldap_err2string(result->rc);
+ }
+ }
+ else if (secmod) {
 result->rc = ldapssl_advclientauth_init(cert7db, NULL, key3db ? 1 : 0, key3db, NULL, 1, secmod, LDAPSSL_AUTH_CNCHECK);
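Review bot: The new `if (nickname)` branch passes `cert->password` to `ldapssl_enable_clientauth()`, but nothing ties `cert` at that point to the entry that supplied `nickname`, because the `case APR_LDAP_CERT_TYPE_NICKNAME:` arm in the preceding hunk saves only `cert->path`. The code that iterates over the certificate entries lies outside both hunks, so this is inferred: if `cert` is advanced across several entries, then here it is the last entry visited or NULL, giving the wrong password or a null dereference. Capture the password together with the nickname: declare `const char *password = NULL;`, add `password = cert->password;` under the new case, and pass `password` in the call. The `if (nickname) … else if (secmod)` chain also means that supplying a nickname skips the cert7.db/key3.db/secmod initialisation that follows, so a comment should say where the certificate database is presumably expected to have been initialised in that case.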
