Hi
The only good and reliable way to use your own SSL is to use:
    ldap_set_option(ld, LDAP_OPT_IO_FN_PTRS, &my_io_struct);
and populate my_io_struct with your own implementation of I/O
functions. The caveat is to have every single one of them
reimplemented - otherwise you'll get access violation at run-time.
Using default I/Os as a base for your own implementation is a good
start 'cause there's only 4 functions you really need to override
(extend, to be precise) to implement SSL - connect, read, write,
close. Once you have your functions implemented, all you need to do to
initialize SSL is to call ldap_set_option after ldap_init - that's
all.
The only problem I've come across with this approach is the need to
override liof_select. One of the file descriptors passed into a
callback (i.e. your own implementation of select) is invalid, which causes
the OS native select() to return -1 and set the last error. Trying to
ignore the returned value and return 1 doesn't work 'cause further up
the stack the last error code gets checked.
The real fix for this problem has to be made in
nsldapi_install_compat_io_fns (os-ip.c). Custom I/O functions'
installation should be conditioned on having each one of those
functions specified in iofns.
Michael, I'm willing to provide the fix and let you put it in if you
like.
Max Kreynin
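
One reading of the fix proposed above, sketched as an added example that is not part of the original post or the SDK's code: a custom callback is installed only when it is specified, and the default stays in place for any slot left NULL. The structure, field names and callbacks are hypothetical stand-ins, not the real definitions from os-ip.c.

```c
#include <stdio.h>

/* Hypothetical stand-in for the SDK's I/O callback table: field names and
 * signatures are assumptions, not the real structure. */
typedef int (*demo_io_fn)(int fd);
struct demo_io_fns { demo_io_fn connect_fn, read_fn, write_fn, close_fn, select_fn; };

/* Constructed defaults standing in for the library's plain-socket I/O. */
static int def_connect(int fd) { return fd; }
static int def_read(int fd)    { return fd; }
static int def_write(int fd)   { return fd; }
static int def_close(int fd)   { (void)fd; return 0; }
static int def_select(int fd)  { return fd >= 0 ? 1 : -1; }
static const struct demo_io_fns demo_defaults =
    { def_connect, def_read, def_write, def_close, def_select };

/* Constructed "SSL" overrides: each one extends the default it replaces. */
static int ssl_connect(int fd) { return def_connect(fd) < 0 ? -1 : fd; }
static int ssl_read(int fd)    { return def_read(fd); }
static int ssl_write(int fd)   { return def_write(fd); }
static int ssl_close(int fd)   { return def_close(fd); }

static struct demo_io_fns installed;  /* the table the library would call */

/* Install only the callbacks that were specified; keep the default for any
 * slot left NULL. Returns the number of slots filled from defaults, or -1. */
#define KEEP_DEFAULT(f) do { if (!installed.f) { installed.f = demo_defaults.f; n++; } } while (0)
int demo_install_io_fns(const struct demo_io_fns *custom)
{
    int n = 0;
    if (custom == NULL) return -1;
    installed = *custom;
    KEEP_DEFAULT(connect_fn); KEEP_DEFAULT(read_fn); KEEP_DEFAULT(write_fn);
    KEEP_DEFAULT(close_fn);   KEEP_DEFAULT(select_fn);
    return n;
}

/* Override the four SSL-relevant callbacks and leave select unspecified. */
int demo_install_ssl(void)
{
    struct demo_io_fns custom = { ssl_connect, ssl_read, ssl_write, ssl_close, NULL };
    return demo_install_io_fns(&custom);
}

int main(void)
{
    printf("slots filled from defaults: %d\n", demo_install_ssl());
    return 0;
}
```

With this kind of per-slot check no entry in the installed table is ever NULL, so a caller that overrides only connect, read, write and close cannot trigger a call through a null function pointer.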