mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-03-01 14:15:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
8b949b18c6
openldap/contrib/ldapc++/src/TlsOptions.cpp
Ralf Haferkamp 36ba454bb6 renew SSL context when setting global Options
2011-04-01 10:06:05 +02:00

122 lines
3.3 KiB
C++
Raw Blame History

// $OpenLDAP$
/*
* Copyright 2010-2011 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "TlsOptions.h"
#include "LDAPException.h"
enum opttype {
INT=0,
STRING,
OTHER
};
typedef struct tls_optmap {
int optval;
opttype type;
} tls_optmap_t;
static tls_optmap_t optmap[] = {
{ LDAP_OPT_X_TLS_CACERTFILE, STRING },
{ LDAP_OPT_X_TLS_CACERTDIR, STRING },
{ LDAP_OPT_X_TLS_CERTFILE, STRING },
{ LDAP_OPT_X_TLS_KEYFILE, STRING },
{ LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
{ LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
{ LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
{ LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
{ LDAP_OPT_X_TLS_CRLCHECK, INT },
{ LDAP_OPT_X_TLS_DHFILE, STRING },
{ LDAP_OPT_X_TLS_NEWCTX, INT }
};
#if 0 /* not implemented currently */
static const int TLS_CRLFILE /* GNUtls only */
static const int TLS_SSL_CTX /* OpenSSL SSL* */
static const int TLS_CONNECT_CB
static const int TLS_CONNECT_ARG
#endif
static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
}
if ( optmap[opt].type != type ){
throw( LDAPException( LDAP_PARAM_ERROR, "not a string option" ) );
}
}
TlsOptions::TlsOptions() : m_ld(NULL) {}
TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { }
void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
checkOpt(opt, STRING);
this->setOption( opt, value.empty() ? NULL : (void*) value.c_str() );
}
void TlsOptions::setOption( tls_option opt, int value ) const {
checkOpt(opt, INT);
this->setOption( opt, (void*) &value);
}
void TlsOptions::setOption( tls_option opt, void *value ) const {
int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
if ( ret != LDAP_OPT_SUCCESS )
{
if ( ret != LDAP_OPT_ERROR ){
throw( LDAPException( ret ));
} else {
throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
}
}
this->newCtx();
}
void TlsOptions::getOption( tls_option opt, void* value ) const {
int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
if ( ret != LDAP_OPT_SUCCESS )
{
if ( ret != LDAP_OPT_ERROR ){
throw( LDAPException( ret ));
} else {
throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
}
}
}
int TlsOptions::getIntOption( tls_option opt ) const {
int value;
checkOpt(opt, INT);
ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
return value;
}
std::string TlsOptions::getStringOption( tls_option opt ) const {
char *value;
checkOpt(opt, STRING);
ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
std::string strval;
if (value)
{
strval=std::string(value);
ldap_memfree(value);
}
return strval;
}
void TlsOptions::newCtx() const {
int val = 0;
int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &val);
if ( ret != LDAP_OPT_SUCCESS )
{
if ( ret != LDAP_OPT_ERROR ){
throw( LDAPException( ret ));
} else {
throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
}
}
}
Reference in New Issue View Git Blame Copy Permalink