Add callbacks for client TLS connection establishment:

LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg) To be called whenever the client library allocates a new SSL* handle.
2025-04-12 15:10:31 +08:00 · 2004-11-23 03:48:09 +00:00 · 2004-11-23 03:48:09 +00:00 · ae592801aa
commit ae592801aa
parent 99ee94a3de
4 changed files with 27 additions and 0 deletions
--- a/include/ldap.h
+++ b/include/ldap.h
@ -134,6 +134,8 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_TLS_RANDOM_FILE	0x6009
 #define LDAP_OPT_X_TLS_SSL_CTX		0x600a
 #define LDAP_OPT_X_TLS_CRLCHECK		0x600b
+#define LDAP_OPT_X_TLS_CONNECT_CB	0x600c
+#define LDAP_OPT_X_TLS_CONNECT_ARG	0x600d

 #define LDAP_OPT_X_TLS_NEVER	0
 #define LDAP_OPT_X_TLS_HARD		1
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@ -241,6 +241,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));

 typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));

+typedef int (LDAP_TLS_CONNECT_CB) LDAP_P (( struct ldap *ld, void *ssl,
+	void *ctx, void *arg ));
+
 LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
 	LDAPDN_rewrite_dummy *func, unsigned flags ));
 LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -170,6 +170,8 @@ struct ldapoptions {

 #ifdef HAVE_TLS
   	int			ldo_tls_mode;
+	LDAP_TLS_CONNECT_CB	*ldo_tls_connect_cb;
+	void*			ldo_tls_connect_arg;
 #endif

 	LDAPURLDesc *ldo_defludp;
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@ -713,6 +713,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );

 	} else {
+		struct ldapoptions *lo;
 		void *ctx = ld->ld_defconn
 			? ld->ld_defconn->lconn_tls_ctx : NULL;

@ -728,8 +729,15 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );

 		if( ctx == NULL ) {
+			ctx = tls_def_ctx;
 			conn->lconn_tls_ctx = tls_def_ctx;
 		}
+		lo = &ld->ld_options;
+		if ( lo->ldo_tls_connect_cb )
+			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+		lo = LDAP_INT_GLOBAL_OPT();   
+		if ( lo && lo->ldo_tls_connect_cb )
+			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
 	}

 	err = SSL_connect( ssl );
@ -1201,6 +1209,12 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
 		*(void **)arg = retval;
 		break;
 	}
+	case LDAP_OPT_X_TLS_CONNECT_CB:
+		*(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
+		break;
+	case LDAP_OPT_X_TLS_CONNECT_ARG:
+		*(void **)arg = lo->ldo_tls_connect_arg;
+		break;
 	default:
 		return -1;
 	}
@ -1253,6 +1267,12 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 			ld->ld_defconn->lconn_tls_ctx = arg;
 		}
 		return 0;
+	case LDAP_OPT_X_TLS_CONNECT_CB:
+		lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
+		return 0;
+	case LDAP_OPT_X_TLS_CONNECT_ARG:
+		lo->ldo_tls_connect_arg = arg;
+		return 0;
 	}

 	if ( ld != NULL ) {