List: openldap-devel
Subject: Re: OpenSSL provider support in openldap: OSSL_STORE_open()
From: Howard Chu <hyc () symas ! com>
Date: 2024-01-03 18:02:11
Message-ID: 36429987-c565-a449-a18f-73f9be7fe597 () symas ! com
Graham Leggett wrote:
> On 19 Dec 2023, at 12:45, Graham Leggett <minfrin@sharp.fm> wrote:
>
> > A search in the openldap source shows we don't yet support the OpenSSL3 provider
> > OSSL_STORE_open() call, which takes a URL as a parameter.
> > I'm happy to patch the openldap client to support this, would it make sense to
> > add a LDAP_OPT_X_TLS_URL option to ldap_option_set()?
>
> Patch available here:
>
> https://bugs.openldap.org/show_bug.cgi?id=10149
Looks a bit like a chicken'n'egg situation, why should anyone trust the connection
that was used to retrieve certs and keys from the designated URI?
>
> This allows replication in 389ds to be fixed, with the patch available here for
> anyone interested:
> https://github.com/389ds/389-ds-base/pull/6021
>
> Regards,
> Graham
> —
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
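
One way to act on the trust question raised in this message is to accept only store URIs that resolve on the local machine before they reach OSSL_STORE_open(), so that no retrieval connection has to be trusted. The C check below is an added example, not code from the OpenLDAP patch or from either poster; the function name `store_uri_is_local` and the allowed scheme list (`file`, `pkcs11`) are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed policy: schemes whose loaders read key material locally. */
static const char *const local_schemes[] = { "file", "pkcs11" };

/* Case-insensitive match of the first n bytes of s against a lowercase word. */
static int scheme_is(const char *s, size_t n, const char *word)
{
    if (strlen(word) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != word[i])
            return 0;
    return 1;
}

/* Returns 1 if uri passes the local-only policy, 0 otherwise.
 * Bare paths without a scheme are rejected so the caller must be explicit. */
int store_uri_is_local(const char *uri)
{
    if (uri == NULL || !isalpha((unsigned char)uri[0]))
        return 0;

    /* RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":" */
    size_t n = 0;
    while (isalnum((unsigned char)uri[n]) || uri[n] == '+' ||
           uri[n] == '-' || uri[n] == '.')
        n++;
    if (uri[n] != ':')
        return 0;

    int known = 0;
    for (size_t i = 0; i < sizeof local_schemes / sizeof local_schemes[0]; i++)
        known |= scheme_is(uri, n, local_schemes[i]);
    if (!known)
        return 0;

    /* file://host/path names another machine unless host is empty or localhost. */
    const char *rest = uri + n + 1;
    if (scheme_is(uri, n, "file") && strncmp(rest, "//", 2) == 0) {
        const char *host = rest + 2;
        size_t hlen = strcspn(host, "/");
        if (hlen != 0 && !scheme_is(host, hlen, "localhost"))
            return 0;
    }
    return 1;
}
```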