- The library now supports StartTLS. The patch was provided by Jeff Costlow

<j.costlow@f5.com>
2025-12-27 18:19:52 -05:00 · 2001-03-22 10:29:02 +00:00 · 2001-03-22 10:29:02 +00:00 · 6997f7a7ed
commit 6997f7a7ed
parent 20690a532e
4 changed files with 26 additions and 2 deletions
--- a/contrib/ldapc++/src/LDAPAsynConnection.cpp
+++ b/contrib/ldapc++/src/LDAPAsynConnection.cpp
@ -36,8 +36,8 @@ LDAPAsynConnection::LDAPAsynConnection(const string& hostname, int port,
 LDAPAsynConnection::~LDAPAsynConnection(){
    DEBUG(LDAP_DEBUG_DESTROY,
            "LDAPAsynConnection::~LDAPAsynConnection()" << endl);
-    delete m_constr;        
    unbind();
+    //delete m_constr;        
 }

 void LDAPAsynConnection::init(const string& hostname, int port){
@ -53,6 +53,10 @@ void LDAPAsynConnection::init(const string& hostname, int port){
    ldap_set_option(cur_session, LDAP_OPT_PROTOCOL_VERSION, &opt);
 }

+int LDAPAsynConnection::start_tls(){
+    return ldap_start_tls_s( cur_session, NULL, NULL );
+}
+
 LDAPMessageQueue* LDAPAsynConnection::bind(const string& dn,
        const string& passwd, const LDAPConstraints *cons){
    DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::bind()" <<  endl);
--- a/contrib/ldapc++/src/LDAPAsynConnection.h
+++ b/contrib/ldapc++/src/LDAPAsynConnection.h
@ -77,7 +77,7 @@ class LDAPAsynConnection{
        virtual ~LDAPAsynConnection();

        /** 
-         * Initzializes a connection to a server. 
+         * Initializes a connection to a server. 
         * 
         * There actually no
         * communication to the server. Just the object is initialized
@ -89,6 +89,14 @@ class LDAPAsynConnection{
         */
        void init(const string& hostname, int port);

+        /**
+         * Start TLS on this connection.  This isn't in the constructor,
+         * because it could fail (i.e. server doesn't have SSL cert, client
+         * api wasn't compiled against OpenSSL, etc.).  If you need TLS,
+         * then you should error if this call fails with an error code.
+         */
+        int start_tls();
+
        /** Simple authentication to a LDAP-Server
         *
         * @throws LDAPException If the Request could not be sent to the
--- a/contrib/ldapc++/src/LDAPConnection.cpp
+++ b/contrib/ldapc++/src/LDAPConnection.cpp
@ -22,6 +22,10 @@ LDAPConnection::LDAPConnection(const string& hostname, int port,

 LDAPConnection::~LDAPConnection(){
 }
+
+int LDAPConnection::start_tls(){
+    return LDAPAsynConnection::start_tls();
+}
   
 void LDAPConnection::bind(const string& dn, const string& passwd,
        LDAPConstraints* cons){
--- a/contrib/ldapc++/src/LDAPConnection.h
+++ b/contrib/ldapc++/src/LDAPConnection.h
@ -68,6 +68,14 @@ class LDAPConnection : private LDAPAsynConnection {
         */
        void init(const string& hostname, int port);
        
+        /**
+         * Start TLS on this connection.  This isn't in the constructor,
+         * because it could fail (i.e. server doesn't have SSL cert, client
+         * api wasn't compiled against OpenSSL, etc.).  If you need TLS,
+         * then you should error if this call fails with an error code.
+         */
+        int start_tls();
+
        /** 
         * Performs a simple authentication with the server
         *