From: Jacek K. <ja...@bn...> - 2001-11-12 10:16:40
On Sun, Nov 11, 2001 at 03:20:06PM +0100, Michael Ströder wrote:
> > I have not yet checked if TLS options all global or connection-specific.
>
> I would assume that TLS/SSL options are connection-specific since
> you might have different trusted root CA certs, etc.
I have checked this, and it turned out that most TLS options are global
and cannot be set per LDAPObject.
To support global options (which can eventually be available as object
options) I have moved part of setattr and getattr of LDAPObject to other
functions, which can also be used without an object for setting global
options.
Here is a (working) fragment of a python-ldap program:

    import ldap
    ldap.set_option("tls_require_cert",1)
    ldap.set_option("tls_cacertfile","my_cacerts.pem")
    l=ldap.initialize("https://some.ldap.server")
    l.tls=ldap.TLS_HARD
    l.bind("","")

Should I commit the changes (as soon as I polish them a bit more)?
And is there any way to make it work like this?:
    ldap.tls_require_cert=1
It is easy for an object (that is the way it is done for LDAPObject), but
is there any way to implement this in a module?
And one more thing:
Do we really need support for OpenLDAP < 2.x?
Now python-ldap compiled with OpenLDAP1 and python-ldap compiled with
OpenLDAP2 are as different as if they were different modules. And the code
is quite hard to maintain.
It was a long time ago that OpenLDAP2 was experimental.
Greets,
Jacek
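
Added example, not part of the original message and not python-ldap code: one way a module can route attribute assignment such as tls_require_cert=1 through set_option, and refuse a misspelled tls_* name instead of silently leaving certificate checking unchanged. The module name fakeldap, the option table and the class name are hypothetical stand-ins; it assumes a current Python 3.

```python
import sys
import types

# Hypothetical table standing in for the library's global TLS state;
# the option names are the ones used in the message above.
_GLOBAL_OPTIONS = {"tls_require_cert": 0, "tls_cacertfile": None}


def set_option(name, value):
    """Set a global option, rejecting names that are not real options."""
    if name not in _GLOBAL_OPTIONS:
        raise ValueError("unknown option: %r" % (name,))
    _GLOBAL_OPTIONS[name] = value


def get_option(name):
    """Read a global option by name."""
    if name not in _GLOBAL_OPTIONS:
        raise ValueError("unknown option: %r" % (name,))
    return _GLOBAL_OPTIONS[name]


class _OptionModule(types.ModuleType):
    """Module type whose option-named attributes go through set/get_option."""

    def __setattr__(self, name, value):
        if name in _GLOBAL_OPTIONS:
            set_option(name, value)
        elif name.startswith("tls_"):
            # Fail closed: a typo must not become an ordinary attribute.
            raise AttributeError("unknown TLS option: %r" % (name,))
        else:
            super().__setattr__(name, value)

    def __getattr__(self, name):
        # Reached only when normal lookup fails, i.e. for option names.
        if name in _GLOBAL_OPTIONS:
            return get_option(name)
        raise AttributeError(name)


def make_option_module(name="fakeldap"):
    """Build and register the stand-in module (hypothetical name)."""
    mod = _OptionModule(name)
    mod.set_option = set_option
    mod.get_option = get_option
    sys.modules[name] = mod
    return mod
```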