upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Implemented ldap_pvt_tls_get_peer() for use with SASL/EXTERNAL.

Browse source 
Added ldap_pvt_tls_get_strength() - return encryption strength, for
use as a SASL session security factor.
This commit is contained in:
Howard Chu 2000-08-16 23:27:41 +00:00
parent c243a6fa92
commit 0f8047b95e
3 changed files with 51 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/ldap_pvt.h
View file

@ -164,6 +164,8 @@ LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld, Sockbuf *sb, void *c
LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
LDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
LDAP_F (const char *) ldap_pvt_tls_get_peer LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));

46
libraries/libldap/tls.c
View file

@ -658,16 +658,54 @@ ldap_pvt_tls_get_handle( LDAP *ld )
return ldap_pvt_tls_sb_handle( ld->ld_sb );
}
const char *
ldap_pvt_tls_get_peer( LDAP *ld )
int
ldap_pvt_tls_get_strength( void *s )
{
return NULL;
SSL_CIPHER *c;
c = SSL_get_current_cipher((SSL *)s);
return SSL_CIPHER_get_bits(c, NULL);
}
const char *
ldap_pvt_tls_get_peer( void *s )
{
X509 *x;
X509_NAME *xn;
char buf[2048], *p;
x = SSL_get_peer_certificate((SSL *)s);
if (!x)
return NULL;
xn = X509_get_subject_name(x);
p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
X509_free(x);
return p;
}
const char *
ldap_pvt_tls_get_peer_issuer( LDAP *ld )
ldap_pvt_tls_get_peer_issuer( void *s )
{
#if 0 /* currently unused; see ldap_pvt_tls_get_peer() if needed */
X509 *x;
X509_NAME *xn;
char buf[2048], *p;
x = SSL_get_peer_certificate((SSL *)s);
if (!x)
return NULL;
xn = X509_get_issuer_name(x);
p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
X509_free(x);
return p;
#else
return NULL;
#endif
}
int

9
servers/slapd/connection.c
View file

@ -919,12 +919,17 @@ int connection_read(ber_socket_t s)
connection_close( c );
} else if ( rc == 0 ) {
void *ssl;
unsigned ssf;
char *authid;
c->c_needs_tls_accept = 0;
#if 0
/* we need to let SASL know */
ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
ssf = (unsigned)ldap_pvt_tls_get_strength( ssl );
authid = (char *)ldap_pvt_tls_get_peer( ssl );
slap_sasl_external( c, ssf, authid );
#endif
}
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );