REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT | CONST_CS);
#endif
+#if (LDAP_API_VERSION > 2000)
+ REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_REQUIRE_CERT", LDAP_OPT_X_TLS_REQUIRE_CERT, CONST_PERSISTENT | CONST_CS);
+
+ REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_NEVER", LDAP_OPT_X_TLS_NEVER, CONST_PERSISTENT | CONST_CS);
+ REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_HARD", LDAP_OPT_X_TLS_HARD, CONST_PERSISTENT | CONST_CS);
+ REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_DEMAND", LDAP_OPT_X_TLS_DEMAND, CONST_PERSISTENT | CONST_CS);
+ REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_ALLOW", LDAP_OPT_X_TLS_ALLOW, CONST_PERSISTENT | CONST_CS);
+ REGISTER_LONG_CONSTANT("LDAP_OPT_X_TLS_TRY", LDAP_OPT_X_TLS_TRY, CONST_PERSISTENT | CONST_CS);
+#endif
+
REGISTER_LONG_CONSTANT("LDAP_ESCAPE_FILTER", PHP_LDAP_ESCAPE_FILTER, CONST_PERSISTENT | CONST_CS);
REGISTER_LONG_CONSTANT("LDAP_ESCAPE_DN", PHP_LDAP_ESCAPE_DN, CONST_PERSISTENT | CONST_CS);
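Review bot: The registration block is guarded by `#if (LDAP_API_VERSION > 2000)`, while the two switch cases added later in this commit are guarded by `#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT`, so the guards can disagree. On a client library that reports an API version above 2000 but does not define these macros, this block would presumably fail to compile. Guarding the registrations with `#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT` keeps all three places consistent. A short comment above the block would also help, for example `/* peer certificate policy; LDAP_OPT_X_TLS_NEVER turns verification off */`.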
case LDAP_OPT_REFERRALS:
#ifdef LDAP_OPT_RESTART
case LDAP_OPT_RESTART:
+#endif
+#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
#endif
{
int val;
case LDAP_OPT_ERROR_NUMBER:
#ifdef LDAP_OPT_DEBUG_LEVEL
case LDAP_OPT_DEBUG_LEVEL:
+#endif
+#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+ case LDAP_OPT_X_TLS_REQUIRE_CERT:
#endif
{
int val;
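Review bot: Nothing near the new `case LDAP_OPT_X_TLS_REQUIRE_CERT:` labels (here and in the earlier group after `LDAP_OPT_RESTART`) documents that this option decides whether the server certificate is verified. Both labels join an existing integer-option group whose body lies outside the hunks, so the value handling itself cannot be reviewed from here. I would add a comment such as `/* TLS peer-certificate policy; a NULL link changes the library-wide default */` and state in the user documentation that `LDAP_OPT_X_TLS_NEVER` disables verification. The tests in this commit set the option with a `null` link, which presumably changes the default for every later connection in the same process, so that is worth calling out for long-lived workers.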
--- /dev/null
+--TEST--
+ldap_option_reqcert_basic() - Basic test to check if PHP can connect to a LDAP server with an invalid certificate with certificate checking disabled
+--CREDITS--
+Edwin Hoksberg <edwin@edwinhoksberg.nl>
+--SKIPIF--
+<?php require_once dirname(__FILE__) .'/skipif.inc'; ?>
+--FILE--
+<?php
+require "connect.inc";
+
+ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+
+$link = ldap_connect($host, $port);
+ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
+
+var_dump(@ldap_bind($link, $user, $passwd));
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===
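Review bot: Nothing in this test shows that the connection uses TLS: `ldap_connect($host, $port)` takes its values from `connect.inc`, and no `ldaps://` URI or `ldap_start_tls()` call is visible. If the connection is plain LDAP, the certificate policy is never consulted and `bool(true)` proves nothing about `LDAP_OPT_X_TLS_NEVER`; the same applies to the ldap_option_reqcert_error test that follows. The `@` on `ldap_bind()` also hides the warning that would explain a failure. Consider adding `var_dump(ldap_start_tls($link));` before the bind, or a SKIPIF check that the configured host is a TLS endpoint with an untrusted certificate.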
--- /dev/null
+--TEST--
+ldap_option_reqcert_error() - A test to check if ldap cant connect to a LDAP server with a invalid certificate with certificate checking enabled
+--CREDITS--
+Edwin Hoksberg <edwin@edwinhoksberg.nl>
+--SKIPIF--
+<?php require_once dirname(__FILE__) .'/skipif.inc'; ?>
+--FILE--
+<?php
+require "connect.inc";
+
+ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);
+
+$link = ldap_connect($host, $port);
+ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, $protocol_version);
+
+var_dump(@ldap_bind($link, $user, $passwd));
+?>
+===DONE===
+--EXPECT--
+bool(true)
+===DONE===
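Review bot: The `--EXPECT--` section says `bool(true)`, but the title states that the bind must fail when certificate checking is enabled with `LDAP_OPT_X_TLS_HARD`. As written the test passes only when the bind succeeds, so it cannot detect a regression where verification is silently skipped. If the test server really presents an invalid certificate over TLS, the expectation should be `bool(false)`; otherwise the title should be corrected to match what is checked.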
--- /dev/null
+--TEST--
+ldap_option_reqcert_basic() - Error test for TLS require cert ldap option
+--CREDITS--
+Edwin Hoksberg <edwin@edwinhoksberg.nl>
+--FILE--
+<?php
+require "connect.inc";
+$link = ldap_connect($host, $port);
+
+foreach([
+ LDAP_OPT_X_TLS_NEVER,
+ LDAP_OPT_X_TLS_HARD,
+ LDAP_OPT_X_TLS_DEMAND,
+ LDAP_OPT_X_TLS_ALLOW,
+ LDAP_OPT_X_TLS_TRY,
+] as $option) {
+ $result = ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, $option);
+ var_dump($result);
+
+ ldap_get_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, $optionval);
+ var_dump($optionval);
+}
+?>
+===DONE===
+--EXPECT--
+bool(true)
+int(0)
+bool(true)
+int(1)
+bool(true)
+int(2)
+bool(true)
+int(3)
+bool(true)
+int(4)
+===DONE===
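Review bot: This file has no `--SKIPIF--` section, unlike the other three tests, so it will fail instead of skip where the ldap extension or the new constants are unavailable; add `<?php require_once dirname(__FILE__) .'/skipif.inc'; ?>` plus a `defined('LDAP_OPT_X_TLS_REQUIRE_CERT')` check. The title reuses `ldap_option_reqcert_basic()` and calls this an error test, although it is the set/get round-trip test. The expected `int(0)` to `int(4)` hard-codes the library's numeric values; `var_dump($optionval === $option);` would test the round trip without that dependency. Reading the value back from the handle shows that it was stored, not that it is enforced on the TLS session.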
--- /dev/null
+--TEST--
+ldap_option_reqcert_basic() - Error test for TLS require cert ldap option
+--CREDITS--
+Edwin Hoksberg <edwin@edwinhoksberg.nl>
+--SKIPIF--
+<?php require_once dirname(__FILE__) .'/skipif.inc'; ?>
+--FILE--
+<?php
+require "connect.inc";
+$link = ldap_connect($host, $port);
+$result = ldap_set_option($link, LDAP_OPT_X_TLS_REQUIRE_CERT, 9001);
+var_dump($result);
+?>
+===DONE===
+--EXPECT--
+bool(false)
+===DONE===