https://bugs.openldap.org/show_bug.cgi?id=10337

          Issue ID: 10337
           Summary: Global TLS options not inherited in context
           Product: OpenLDAP
           Version: 2.6.9
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

During ldap_create, global options are copied

See
https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_6_9/libraries/libldap/open.c#L148

        /* copy the global options */
        AC_MEMCPY(&ld->ld_options, gopts, sizeof(ld->ld_options));

But not the TLS string options

See
https://github.com/openldap/openldap/blob/OPENLDAP_REL_ENG_2_6_9/libraries/libldap/open.c#L197

        /* We explicitly inherit the SSL_CTX, don't need the names/paths. Leave
         * them empty to allow new SSL_CTX's to be created from scratch.
         */
        memset( &ld->ld_options.ldo_tls_info, 0,
                sizeof( ld->ld_options.ldo_tls_info ));
        ld->ld_options.ldo_tls_ctx = NULL;

Which creates an inconsistency when trying to generate a newctx

For the context

See 
* https://github.com/php/php-src/issues/17776 => why tls_newctx is needed
* https://github.com/php/php-src/issues/18529 => regression

On the PHP side a possible workaround is to do the copy manually
* https://github.com/php/php-src/pull/18547

But this should probably be handled in the OpenLDAP library
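
Added example, not part of the original report and not libldap source: a simplified C model of the behaviour described above, showing that a new handle inherits non-string settings but not the TLS path strings, so a context rebuilt from the handle finds no CA file until the caller copies the strings itself. All struct and function names and the sample path are hypothetical, and the model assumes a new context is built only from the handle's own strings.

```c
/* Simplified model of the behaviour in this report; NOT libldap source.
 * All struct and function names here are hypothetical. */
#include <stdlib.h>
#include <string.h>

enum { CACERTFILE, CERTFILE, KEYFILE, N_TLS_STR };
struct tls_info { char *str[N_TLS_STR]; };
struct options  { int require_cert; struct tls_info tls_info; void *tls_ctx; };
struct handle   { struct options opts; };
static struct options gopts;  /* stands in for the library-wide options */

/* The two steps quoted from open.c: copy everything, then blank the TLS names. */
void model_create(struct handle *ld) {
    memcpy(&ld->opts, &gopts, sizeof(ld->opts));
    memset(&ld->opts.tls_info, 0, sizeof(ld->opts.tls_info));
    ld->opts.tls_ctx = NULL;
}

/* Model assumption: a fresh context is built only from the handle's own
 * strings. Returns 0 if a CA file is configured, -1 if it is missing. */
int model_newctx(const struct handle *ld) {
    return ld->opts.tls_info.str[CACERTFILE] ? 0 : -1;
}

/* Caller-side workaround: give the handle its own copy of each global string. */
int inherit_tls_strings(struct handle *ld) {
    for (int i = 0; i < N_TLS_STR; i++) {
        const char *src = gopts.tls_info.str[i];
        if (src == NULL) continue;          /* unset globally: stays unset */
        char *copy = malloc(strlen(src) + 1);
        if (copy == NULL) return -1;
        ld->opts.tls_info.str[i] = strcpy(copy, src);
    }
    return 0;
}

/* Constructed global configuration used by the demonstration. */
void set_sample_globals(void) {
    static char ca[] = "/constructed/path/ca.pem";
    gopts.require_cert = 1;
    gopts.tls_info.str[CACERTFILE] = ca;
}

int main(void) {
    struct handle ld;
    set_sample_globals();
    model_create(&ld);
    int before = model_newctx(&ld);  /* CA path was not inherited */
    int after = inherit_tls_strings(&ld) == 0 ? model_newctx(&ld) : -1;
    for (int i = 0; i < N_TLS_STR; i++) free(ld.opts.tls_info.str[i]);
    return (before == -1 && after == 0) ? 0 : 1;
}
```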
