>It was easy to abstract apr_ldap_init() to support STARTTLS, it's not as
>easy to abstract it to support client certificates.
>
>How are client certificates specified within the Novell toolkit?

With the APIs ldapssl_set_client_cert() and ldapssl_set_client_private_key()


Brad


>>> "Graham Leggett" <[EMAIL PROTECTED]> Thursday, January 06, 2005 1:11 AM >>>
Brad Nicholes said:

>    The problem is that other SDKs such as Novell, do not use
> ldap_set_option() to set the certificates or the SSL mode.  Novell uses
> ldapssl_add_trusted_cert() and ldapssl_start_tls().  As it stands the
> apr_ldap_add_cert() function allows you to add as many certificates as
> you like doing the correct thing for all SDKs under the covers.
> apr_ldap_init() is doing the right thing as far as starting SSL, TLS or
> clear ldap connection regardless of the SDK.  Using
> apr_ldap_set_option() to set certificates or SSL modes would be SDK
> specific.  It has to be abstracted by APR.

That was exactly the point - it would be abstracted by APR. I think the
concern seems to be that the API is getting messy, which is exactly the
thing we're trying to move away from.

It was easy to abstract apr_ldap_init() to support STARTTLS, it's not as
easy to abstract it to support client certificates.

How are client certificates specified within the Novell toolkit?

Regards,
Graham