kldap: add support for TLS CA certificate handling
Closed, Public

Authored by junghans on Mar 20 2018, 5:43 PM.

Details

Summary

This implements basic support for setting the TLS certificate request option (LDAP_OPT_X_TLS_REQUIRE_CERT) as well as a dedicated certificate file for checking the server certificate (LDAP_OPT_X_TLS_CACERTFILE).

Test Plan

TLS connection to LDAP server with self-signed certificate

  • scenario a) none of the new options set -> connection fails due to missing certificate to check against
  • scenario b) use LdapServer::TLSReqCertNever which makes the connection succeed
  • scenario c) use LdapServer::TLSReqCertHard and set tlsCACertFile which makes the connection succeed
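A way to check, before pointing tlsCACertFile at a file, that the file really validates the server's certificate, and to see why scenario a fails while scenario c succeeds. This is an added example, not part of this revision or of KLDAP; it uses the openssl command-line tool on throwaway certificates constructed on the spot, and the function names and CNs are hypothetical.

```shell
#!/bin/sh
# Added example. The certificates are throwaway ones constructed here;
# all names are hypothetical.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_self_signed NAME: write $WORK/NAME.pem, a self-signed certificate
# standing in for the one on the test LDAP server.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1.example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# verifies CERT [CAFILE]: succeed only if openssl prints "CERT: OK".
# Without CAFILE only the default trust store is consulted.
verifies() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify "$1" 2>/dev/null | grep -q ': OK$'
    fi
}

# outcome CERT [CAFILE]: print "accepted" or "rejected".
outcome() {
    if verifies "$@"; then echo accepted; else echo rejected; fi
}

make_self_signed ldap    # the server's certificate
make_self_signed other   # an unrelated certificate

echo "default trust store only (scenario a): $(outcome "$WORK/ldap.pem")"
echo "matching CA file (scenario c):         $(outcome "$WORK/ldap.pem" "$WORK/ldap.pem")"
echo "unrelated CA file:                     $(outcome "$WORK/ldap.pem" "$WORK/other.pem")"
```

Scenario b has no counterpart in this check: with LdapServer::TLSReqCertNever the server certificate is not verified at all, so the connection succeeds whichever certificate the server presents.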

Diff Detail

Repository
R178 PIM: KLDAP
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
junghans created this revision. Mar 20 2018, 5:43 PM
Restricted Application added a project: KDE PIM. Mar 20 2018, 5:43 PM
Restricted Application added a subscriber: KDE PIM.
junghans requested review of this revision. Mar 20 2018, 5:43 PM
dvratil requested changes to this revision. Mar 20 2018, 5:57 PM
dvratil added a subscriber: dvratil.

Looks good, just a minor nitpick regarding the strings - since they are localizable and thus can be shown to users, they should use proper terms.

src/ldapconnection.cpp

  • 303: s/cert/certificate/
  • 323: s/cert/certificate/
  • 332: s/init/initialize/

This revision now requires changes to proceed. Mar 20 2018, 5:57 PM
junghans updated this revision to Diff 30022. Mar 20 2018, 6:03 PM

Improved user-visible error strings

dvratil accepted this revision. Mar 20 2018, 6:16 PM
This revision is now accepted and ready to land. Mar 20 2018, 6:16 PM
mlaurent accepted this revision. Mar 21 2018, 5:46 AM
This revision was automatically updated to reflect the committed changes.