]> granicus.if.org Git - apache/commitdiff
Make sure that the LDAPVerifyServerCert patch is compatibile with apr-util 1.1.x...
authorBradley Nicholes <bnicholes@apache.org>
Thu, 12 May 2005 15:35:55 +0000 (15:35 +0000)
committerBradley Nicholes <bnicholes@apache.org>
Thu, 12 May 2005 15:35:55 +0000 (15:35 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@169834 13f79535-47bb-0310-9956-ffa450edef68

modules/ldap/util_ldap.c

index 8a1d5ff64f700dcd2a47e442b3425077963b7d9e..0ea9a9a147690a35f5d0cf2a59f1e54bf4969d72 100644 (file)
@@ -330,8 +330,31 @@ static int uldap_connection_open(request_rec *r,
         /* always default to LDAP V3 */
         ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
 
+/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
+#ifdef APR_LDAP_OPT_VERIFY_CERT
         apr_ldap_set_option(ldc->pool, ldc->ldap, 
                             APR_LDAP_OPT_VERIFY_CERT, &(st->verify_svr_cert), &(result));
+#else
+#if defined(LDAPSSL_VERIFY_SERVER)
+        if (st->verify_svr_cert) {
+            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
+        }
+        else {
+            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
+        }
+#elif defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+               /* This is not a per-connection setting so just pass NULL for the
+                  Ldap connection handle */
+        if (st->verify_svr_cert) {
+                       int i = LDAP_OPT_X_TLS_DEMAND;
+                       result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+        }
+        else {
+                       int i = LDAP_OPT_X_TLS_NEVER;
+                       result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+        }
+#endif
+#endif
 
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
         if (st->connectionTimeout > 0) {