Howard Chu wrote:
Actually, the way we do it is bad, which is to disable caching on outgoing SSL connections. Nelson commented on this in a thread on mozilla.dev.tech.crypto. I think you use SSL_SetSockPeerID() but I'd have to look up that thread to be sure.

Howard Chu wrote:

Message: 1
Date: Mon, 06 Jul 2009 13:20:22 -0600
From: Rich Megginson <rmeggins@xxxxxxxxxx>

Note - the patch does not contain the diffs for configure nor Makefile.in

http://rmeggins.fedorapeople.org/0001-OpenLDAP-support.patch

As noted in your patch, the OpenLDAP API doesn't provide any options to control SSL session caching. In the past I hacked that into my clients by retrieving the OpenSSL context handles and using the OpenSSL API directly. Obviously that's not a viable way forward since we now have 3 different TLS libraries to deal with. So, we will probably be adding a couple set_option() flags for this purpose Real Soon Now. If there's anything good or bad about the way MozLDAP handles this, let me know what you think...

This is tricky - with MozNSS you have to do this before you detach from the terminal, but after you fork().

We'll also be providing a callback for obtaining the password for the private key... Again that's something we've ignored because OpenSSL has provided its own for so long.
-- 389-devel mailing list 389-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel