Use certificate handling code for both SSL and TLS
ClosedPublic

Authored by junghans on Apr 17 2020, 12:23 PM.

Details

Summary

The initial certificate handling code has been implemented for TLS only. Since it works for SSL as well and may be required in some scenarious, use the code whenever any security protocol is configured.

Diff Detail

Repository
R178 PIM: KLDAP
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
junghans created this revision.Apr 17 2020, 12:23 PM
Restricted Application added a subscriber: kde-pim. · View Herald TranscriptApr 17 2020, 12:23 PM
junghans requested review of this revision.Apr 17 2020, 12:23 PM

Hi,
Did you test on a server which use SSL ?
Regards

Yes, I tested against Samba 4.7 with both SSL (LDAPS/port 636) and TLS. The CA certificate has been supplied via LdapServer::setTLSCACertFile(...) and verification enforced via LdapServer::setTLSRequireCertificate(LdapServer::TLSReqCertHard). Without this patch, only TLS works even when setting LdapServer::TLSReqCertNever since this option is ignored in the previous implementation for the SSL case. With this patch applied, SSL/LDAPS works fine too.

mlaurent accepted this revision.Apr 19 2020, 8:57 AM

ok. Thanks

This revision is now accepted and ready to land.Apr 19 2020, 8:57 AM
junghans added a comment.EditedApr 21 2020, 9:56 AM

Thanks for reviewing! Is there any timeline when the changes will be visible in the Git repository?

Do you have commit access ? or you want that I commit it ?

I just applied for a developer account. Once approved and got access to the kldap repository, I'll commit the changes. If things do not work this way, you can commit the changes too.

knauss added a subscriber: knauss.Apr 21 2020, 6:22 PM

I just applied for a developer account. Once approved and got access to the kldap repository, I'll commit the changes. If things do not work this way, you can commit the changes too.

Normally we only give people after some patches developer access, as with this you have commit access to every KDE repos. In order to push your commit, we need your name, that we use as author of the commit.

OK, then please commit the changes as Tobias Junghans <tobias.junghans@veyon.io> - thanks in advance :-)

This revision was automatically updated to reflect the committed changes.