Mark,
The regular ldapssl_init() functions are indeed thread safe. The earlier
recommendation of using the *pkcs* functions instead of the ldapssl* functions
has never been true. When we updated our documentation last time, we
accidentally carried the warning forward. We do not recommend using the pkcs
function instead of the ldapssl* functions.
Michael
Mark wrote:
> Hello,
>
> I'm hoping some Directory SDK experts might help me out.
>
> Basically I'm trying to connect to LDAP with SSL. According to the "Netscape
> LDAP SDK 4.1" docs, ldapssl_client_init() and ldapssl_init() are the
> suggested functions. They even provide some sample code and it all works
> great.
>
> http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/ssl.htm#13067
>
> However, if you drill down and look at the ldapssl_client_init()
> documentation, it says "The use of ldapssl_pkcs_init(), a version 4.0
> function, is recommended over the use of this older SSL initialization
> function."
>
> http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/function.htm#25963
>
> Drilling down on the ldapssl_pkcs_init() function it says, "The function
> ldap_pcks_init() [yes, that is a typo in the documentation] is preferred
> over these previous initialization because it is thread-safe, while the
> other ldapssl_*_init() functions are not." So of course I plan on using the
> ldapssl_pkcs_init() function instead.
>
> http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/function.htm#1011532
>
> The ldap_pkcs_init() function takes a single parameter,
> int LDAP_CALL ldapssl_pkcs_init(const struct ldapssl_pkcs_fns *pfns);
>
> The structure ldapssl_pkcs_fns is defined as...
> typedef int (LDAP_PKCS_GET_TOKEN_CALLBACK)(void *context, char **tokenname);
> typedef int (LDAP_PKCS_GET_PIN_CALLBACK)(void *context, const char *tokenname, char **tokenpin);
> typedef int (LDAP_PKCS_GET_CERTPATH_CALLBACK)(void *context, char **certpath);
> typedef int (LDAP_PKCS_GET_KEYPATH_CALLBACK)(void *context, char **keypath);
> typedef int (LDAP_PKCS_GET_MODPATH_CALLBACK)(void *context, char **modulepath);
> typedef int (LDAP_PKCS_GET_CERTNAME_CALLBACK)(void *context, char **certname);
> typedef int (LDAP_PKCS_GET_DONGLEFILENAME_CALLBACK)(void *context, char **filename);
>
> #define PKCS_STRUCTURE_ID 1
> struct ldapssl_pkcs_fns {
> int local_structure_id;
> void *local_data;
> LDAP_PKCS_GET_CERTPATH_CALLBACK *pkcs_getcertpath;
> LDAP_PKCS_GET_CERTNAME_CALLBACK *pkcs_getcertname;
> LDAP_PKCS_GET_KEYPATH_CALLBACK *pkcs_getkeypath;
> LDAP_PKCS_GET_MODPATH_CALLBACK *pkcs_getmodpath;
> LDAP_PKCS_GET_PIN_CALLBACK *pkcs_getpin;
> LDAP_PKCS_GET_TOKEN_CALLBACK *pkcs_gettokenname;
> LDAP_PKCS_GET_DONGLEFILENAME_CALLBACK *pkcs_getdonglefilename;
> };
>
> There is no explanation of how to fill this structure; nowhere does it describe
> what the context void pointer is in each function parameter.
>
> On a SDK 4.0 release notes page
> http://www.mit.edu/afs/athena/astaff/project/ldap/mozilla2k/sdkc4.0/relnotes.htm
> I found this link...
>
> http://home.netscape.com/eng/server/directory/4.1/technotes/ldap_pkcs_init.html
>
> but it no longer exists.
>
> Any help with the ldapssl_pkcs_init function or the ldapssl_pkcs_fns
> structure would be appreciated.
>
> Thanks,
> Mark