On Thu, Nov 13, 2014 at 01:04:31PM -0800, Quanah Gibson-Mount wrote:

> >Personally, I would prefer to see support for reporting TLS features
> >of LDAP servers as a verbosity feature in ldapsearch or similar.
> 
> It's already scheduled to go into OpenLDAP.  Can't talk for other LDAP
> projects.  I.e., it'll definitely be part of OpenLDAP 2.5 and later.  I'll
> be discussing with the other OpenLDAP folks if we can put it into 2.4.41 as
> well. However, not everyone uses the ldapsearch from OpenLDAP, so it doesn't
> solve the problem in general.

Not everyone has OpenSSL.  Since the wire protocol for LDAP is not
friendly to text-based user interaction (like HTTP, SMTP, IMAP,
...), I think LDAP is a poor fit for s_client/s_server.

I can throw some sample Perl Net::SSLeay code your way if you like,
and you can add the LDAP STARTTLS support by negotiating the
appropriate LDAP protocol bits before launching into an SSL handshake.
Then you have a flexible tool to which you can easily add features.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org