From: Bradley Nicholes Date: Thu, 12 May 2005 15:35:55 +0000 (+0000) Subject: Make sure that the LDAPVerifyServerCert patch is compatibile with apr-util 1.1.x... X-Git-Tag: 2.1.5~118 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b11927779176c8c296f1f56f5b24f4b8651d97b8;p=apache Make sure that the LDAPVerifyServerCert patch is compatibile with apr-util 1.1.x. Once apr-util 1.2 is released, the ifdef's need to be removed and apr_ldap_set_option() will handle the SDK differences. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@169834 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 8a1d5ff64f..0ea9a9a147 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -330,8 +330,31 @@ static int uldap_connection_open(request_rec *r, /* always default to LDAP V3 */ ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); +/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ +#ifdef APR_LDAP_OPT_VERIFY_CERT apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_VERIFY_CERT, &(st->verify_svr_cert), &(result)); +#else +#if defined(LDAPSSL_VERIFY_SERVER) + if (st->verify_svr_cert) { + result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER); + } + else { + result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE); + } +#elif defined(LDAP_OPT_X_TLS_REQUIRE_CERT) + /* This is not a per-connection setting so just pass NULL for the + Ldap connection handle */ + if (st->verify_svr_cert) { + int i = LDAP_OPT_X_TLS_DEMAND; + result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); + } + else { + int i = LDAP_OPT_X_TLS_NEVER; + result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); + } +#endif +#endif #ifdef LDAP_OPT_NETWORK_TIMEOUT if (st->connectionTimeout > 0) {