upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 09:09:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result

Browse source 
in dn parameter and return a result code.
This commit is contained in:
Howard Chu 2002-04-30 13:50:56 +00:00
parent 22c45ec87b
commit de3e81cebb
2 changed files with 19 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/ldap_pvt.h
View file

@ -181,9 +181,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
LDAP_F (char *) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx,
LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
LDAPDN_rewrite_dummy *func, unsigned flags ));
LDAP_F (char *) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx,
LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
LDAPDN_rewrite_dummy *func, unsigned flags ));
LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));

33
libraries/libldap/tls.c
View file

@ -788,21 +788,21 @@ ldap_pvt_tls_get_strength( void *s )
}
char *
ldap_pvt_tls_get_my_dn( void *s, LDAPDN_rewrite_dummy *func, unsigned flags )
int
ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
{
X509 *x;
X509_NAME *xn;
struct berval dn;
int rc;
x = SSL_get_certificate((SSL *)s);
if (!x) return NULL;
if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
ldap_X509dn2bv(xn, &dn, (LDAPDN_rewrite_func *)func, flags );
rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags );
X509_free(x);
return dn.bv_val;
return rc;
}
static X509 *
@ -819,21 +819,21 @@ tls_get_cert( SSL *s )
return SSL_get_peer_certificate(s);
}
char *
ldap_pvt_tls_get_peer_dn( void *s, LDAPDN_rewrite_dummy *func, unsigned flags )
int
ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
{
X509 *x;
X509_NAME *xn;
struct berval dn;
int rc;
x = tls_get_cert((SSL *)s);
if (!x) return NULL;
if (!x) return LDAP_INVALID_CREDENTIALS;
xn = X509_get_subject_name(x);
ldap_X509dn2bv(xn, &dn, (LDAPDN_rewrite_func *)func, flags);
rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags);
X509_free(x);
return dn.bv_val;
return rc;
}
char *
@ -1246,15 +1246,16 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
* set SASL properties to TLS ssf and authid
*/
{
char *authid;
struct berval authid;
ber_len_t ssf;
/* we need to let SASL know */
ssf = ldap_pvt_tls_get_strength( ssl );
authid = ldap_pvt_tls_get_my_dn( ssl, NULL, 0 );
/* failure is OK, we just can't use SASL EXTERNAL */
(void) ldap_pvt_tls_get_my_dn( ssl, &authid, NULL, 0 );
(void) ldap_int_sasl_external( ld, conn, authid, ssf );
LDAP_FREE( authid );
(void) ldap_int_sasl_external( ld, conn, authid.bv_val, ssf );
LDAP_FREE( authid.bv_val );
}
return LDAP_SUCCESS;