Do you know what needs to replace ldapssl_client_init(cert7.db, NULL), ldapssl_clientauth_init(cert7.db, NULL, ...), and other ldapssl_* functions, or do you know where I can find source code for the above APIs? Where do I find libssldap source code?
Do you know where I can find sample code or an implementation in which OpenSSL is used instead of standard SSL (libssldap) with LDAP?
Thanks for any input/help.
Maxim Kreynin wrote:
Hi

The only good and reliable way to use your own SSL is to use:

ldap_set_option( ld, LDAP_OPT_IO_FN_PTRS, &my_io_struct);

and populate my_io_struct with your own implementation of I/O
functions. The caveat is to have every single one of them
reimplemented - otherwise you'll get an access violation at run-time.
Using default I/Os as a base for your own implementation is a good
start 'cause there are only 4 functions you really need to override
(extend, to be precise) to implement SSL - connect, read, write,
close. Once you have your functions implemented, all you need to do to
initialize SSL is to call ldap_set_option after ldap_init - that's
all.

The only problem I've come across with this approach is the need to
override liof_select. One of the file descriptors passed into a
callback (i.e. your own implementation of select) is invalid, which causes
the OS native select() to return -1 and set the last error. Trying to
ignore the returned value and return 1 doesn't work 'cause further up
the stack the last error code gets checked.

The real fix for this problem has to be made in
nsldapi_install_compat_io_fns (os-ip.c). Custom I/O functions'
installation should be conditioned on having each one of those
functions specified in iofns.

Michael, I'm willing to provide the fix and let you put it in if you
like.

Max Kreynin
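
The caveat in the reply above (every callback slot populated, starting from the defaults and extending only what SSL needs), as an added example that is not from the original post or the SDK. `struct io_fns` and every function name below are hypothetical stand-ins for the SDK's callback table, and the extended callbacks only count bytes at the point where a TLS layer would sit.

```c
#include <poll.h>
#include <stddef.h>
#include <unistd.h>

/* Simplified model of an I/O callback table (NOT the SDK's struct ldap_io_fns). */
struct io_fns {
    int (*io_read)(int fd, void *buf, int len);
    int (*io_write)(int fd, const void *buf, int len);
    int (*io_close)(int fd);
    int (*io_select)(int fd);          /* plays the role of liof_select */
};

/* Default plain-descriptor callbacks. */
static int def_read(int fd, void *b, int n)        { return (int)read(fd, b, (size_t)n); }
static int def_write(int fd, const void *b, int n) { return (int)write(fd, b, (size_t)n); }
static int def_close(int fd)                       { return close(fd); }
static int def_select(int fd) { struct pollfd p = { fd, POLLIN, 0 }; return poll(&p, 1, 0); }

const struct io_fns io_defaults = { def_read, def_write, def_close, def_select };

/* Extended callbacks delegate to the defaults. A TLS layer would replace the
 * delegation; here they only count bytes so the override is observable. */
long bytes_in, bytes_out;
static int ext_read(int fd, void *b, int n)
{ int r = def_read(fd, b, n); if (r > 0) bytes_in += r; return r; }
static int ext_write(int fd, const void *b, int n)
{ int r = def_write(fd, b, n); if (r > 0) bytes_out += r; return r; }
static int ext_close(int fd) { return def_close(fd); }

/* Start from the defaults, then override: no slot is ever left NULL. */
struct io_fns io_extended(void) {
    struct io_fns t = io_defaults;
    t.io_read = ext_read; t.io_write = ext_write; t.io_close = ext_close;
    return t;
}

/* Count empty slots; calling through one is the run-time access violation. */
int io_missing(const struct io_fns *t) {
    return !t->io_read + !t->io_write + !t->io_close + !t->io_select;
}

/* Install only a complete table; a partial one is refused up front. */
int io_install(struct io_fns *active, const struct io_fns *candidate) {
    if (candidate == NULL || io_missing(candidate) != 0) return -1;
    *active = *candidate;
    return 0;
}
```
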
