Tcl Library Source Code

Artifact [465e36c369]
Login
Core Home Blog Docs Downloads Tickets Timeline Branches Tags Wiki
Download Hex Parsed

Artifact 465e36c369ebfe9df5816f9da5bd8ccfaa15837d48e7240744ff513dba7f9740:

Ticket change [465e36c369] - Ticket [60160205fe965d61|60160205fe] <i>Broken support for LDAPS</i> status still Open with 6 other changes by aku 2018-05-17 20:08:01. 
D 2018-05-17T20:08:01.344
J assignee aku
J comment Support\sfor\sLDAPS\sis\sbroken\swith\sldap.tcl\s(and\sldapx.tcl\stoo).\r\n\r\nThis\sticket\sdetails\sa\sproblem\sand\ssuggest\simprovements\sto\sthe\sldap/ldapx\smodules.\r\n\r\n\r\n1)\sTLS\shandshake\sdoes\snot\sreport\san\sappropriate\smessage\r\n\r\n\s\sI\sam\strying\sto\sconnect\sto\sour\sLDAPS\sserver:\r\n\r\n\s\s<verbatim>Connection\serror:\sProtocol\serror:\sError\sreading\sSEQUENCE\sresponse\sfor\shandle\s::ldap::ldapsock55682b6a9da0\s:\serror\s:\s562(long\slist\sof\sbytes)</verbatim>\r\n\r\n\s\sThis\smessage\sis\snot\suseful.\sWhile\stracking\sthe\sproblem\sin\sldap::secure_connect,\sI\ssee\sthat\stls::handshake\sis\scalled\swith\sasync\sI/O\senabled\s(fconfigure\s...\s-blocking\sno).\sIf\sI\smove\sthis\sline\safter\sthe\swhile{1}\sloop,\sI\sget\sthe\smore\smeaningful\smessage:\r\n\r\n\s\s<verbatim>Connection\serror:\shandshake\sfailed:\scertificate\sverify\sfailed</verbatim>\r\n\r\n\s\sConclusion\s1\s:\sTLS\shandshake\sshould\srun\son\sa\sblocking\sconnection.\r\n\r\n\r\n2)\sldap::secure_connect\sdoes\snot\shave\sappropriate\sparameters\r\n\r\n\s\sldap::secure_connect\saccepts\sonly\sthe\sfollowing\sTLS\srelated\sparameters\s"verify_cert"\sand\s"sni_servername".\sIt\sdoes\snot\saccept\sthe\s"cafile",\s"certfile",\snot\s"keyfile"\sparameters\s(as\swith\sldap::starttls).\r\n\r\n\s\sIn\smy\sproblem\sdescribed\sin\s1),\sit\smeans\sthat\sI\scannot\sspecify\ssome\sTLS-related\sparameters.\r\n\r\n\s\sConclusion\s2\s:\sldap::secure_connect\sshould\saccept\s"cafile",\s"certfile",\sand\s"keyfile"\sparameters.\r\n\r\n\r\n3)\sTLS\sparameters\sare\snot\sin\ssync\swith\stcltls\r\n\r\n\s\stls::import\saccepts\sthe\scadir/cipher/keyfile/password\r\n\r\n\s\sConclusion\s3\s:\sldap::secure_connect\sand\sldap::starttls\sshould\saccept\sthese\sparameters\stoo\r\n\r\n4)\sThe\s"ldap\sconnect"\smethod\sin\sldapx.tcl\sshould\saccept\sTLS-related\sparameters\r\n\r\n\s\sSince\sthe\s"connect"\smethod\sof\sldap\sobjects\s(in\sldapx)\scalls\ssecure_connect,\sit\sshould\saccept\sthe\ssame\sparameters\sas\sldap::secure_connect.\r\n\r\n\s\sConclusion\s4\s:\sadd\sthese\sTLS-related\sparameters\sto\sldapx\r\n\r\nThis\sticket\sdetails\ssome\sproposals\sas\sa\sbasis\sfor\sdiscussion,\sbefore\strying\sto\simplement\sthese\spoints.
J icomment Agreed\son\s(1),\srun\sconnection\ssetup\snon-async.\r\nAgreed\son\s(2).\r\nAgreed\son\s(3).\r\nAgreed\son\s(4).\sDepending\son\show\sthe\sarguments\sare\spassed\s/\soptions\sare\shandled\sthis\smight\sbe\sautomatic,\si.e.\swith\ssecure_connect\saccepting\snew\soptions\sthe\sconnect\swill\sdo\sas\swell.\s--\sI\shaven't\slooked\sinto\sthe\scode\syet.\r\n\r\nLooking\sfor\spatches.
J login aku
J mimetype text/plain
J priority 8
K 60160205fe965d617482fd65dee13031fc16a1b7
U aku
Z 1f99016eae0170956c6b5932c69ad871
This page was generated in about 0.008s by Fossil 2.24 [f4ffefe708] 2024-04-17 14:02:19