
List:       openldap-devel
Subject:    Re: OpenSSL provider support in openldap: OSSL_STORE_open()
From:       Howard Chu <hyc () symas ! com>
Date:       2024-01-03 18:02:11
Message-ID: 36429987-c565-a449-a18f-73f9be7fe597 () symas ! com

Graham Leggett wrote:
> On 19 Dec 2023, at 12:45, Graham Leggett <minfrin@sharp.fm> wrote:
> 
> > A search in the openldap source shows we don't yet support the OpenSSL3 provider OSSL_STORE_open() call, which takes a URL as a parameter.
> > I'm happy to patch the openldap client to support this, would it make sense to add a LDAP_OPT_X_TLS_URL option to ldap_option_set()?
> 
> Patch available here:
> 
> https://bugs.openldap.org/show_bug.cgi?id=10149

Looks a bit like a chicken'n'egg situation, why should anyone trust the connection that was used to retrieve certs and keys from the designated URI?
> 
> This allows replication in 389ds to be fixed, with the patch available here for anyone interested:
> https://github.com/389ds/389-ds-base/pull/6021
> 
> Regards,
> Graham
> —
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

