The TLS options are OpenLDAP specific.
LDAP_OPT_X_TLS_CACERTDIR
Sets/gets the path of the directories containing CA
certificates. Multiple directories may be specified,
separated by a semi-colon. invalue must be const char *;
outvalue must be char **, and its contents need to be
freed by the caller using ldap_memfree(3).
LDAP_OPT_X_TLS_CACERTFILE
Sets/gets the full-path of the CA certificate file.
invalue must be const char *; outvalue must be char **,
and its contents need to be freed by the caller using
ldap_memfree(3).
LDAP_OPT_X_TLS_CERTFILE
Sets/gets the full-path of the certificate file. invalue
must be const char *; outvalue must be char **, and its
contents need to be freed by the caller using
ldap_memfree(3).
LDAP_OPT_X_TLS_CIPHER
Gets the cipher being used on an established TLS session.
outvalue must be char **, and its contents need to be
freed by the caller using ldap_memfree(3).
LDAP_OPT_X_TLS_CIPHER_SUITE
Sets/gets the allowed cipher suite. invalue must be const
char *; outvalue must be char **, and its contents need to
be freed by the caller using ldap_memfree(3).
LDAP_OPT_X_TLS_CONNECT_ARG
Sets/gets the connection callback argument. invalue must
be const void *; outvalue must be void **.
LDAP_OPT_X_TLS_CONNECT_CB
Sets/gets the connection callback handle. invalue must be
const LDAP_TLS_CONNECT_CB *; outvalue must be
LDAP_TLS_CONNECT_CB **.
LDAP_OPT_X_TLS_CRLCHECK
Sets/gets the CRL evaluation strategy, one of
LDAP_OPT_X_TLS_CRL_NONE, LDAP_OPT_X_TLS_CRL_PEER, or
LDAP_OPT_X_TLS_CRL_ALL. invalue must be const int *;
outvalue must be int *. Requires OpenSSL.
LDAP_OPT_X_TLS_CRLFILE
Sets/gets the full-path of the CRL file. invalue must be
const char *; outvalue must be char **, and its contents
need to be freed by the caller using ldap_memfree(3).
This option is only valid for GnuTLS.
LDAP_OPT_X_TLS_CTX
Sets/gets the TLS library context. New TLS sessions will
inherit their default settings from this library context.
invalue must be const void *; outvalue must be void **.
When using the OpenSSL library this is an SSL_CTX*. When
using other crypto libraries this is a pointer to an
OpenLDAP private structure. Applications generally should
not use this option or attempt to manipulate this
structure.
LDAP_OPT_X_TLS_DHFILE
Gets/sets the full-path of the file containing the
parameters for Diffie-Hellman ephemeral key exchange.
invalue must be const char *; outvalue must be char **,
and its contents need to be freed by the caller using
ldap_memfree(3).
LDAP_OPT_X_TLS_ECNAME
Gets/sets the name of the curve(s) used for elliptic curve
key exchanges. invalue must be const char *; outvalue
must be char **, and its contents need to be freed by the
caller using ldap_memfree(3). Ignored by GnuTLS. In
GnuTLS a curve may be selected in the cipher suite
specification.
LDAP_OPT_X_TLS_KEYFILE
Sets/gets the full-path of the certificate key file.
invalue must be const char *; outvalue must be char **,
and its contents need to be freed by the caller using
ldap_memfree(3).
LDAP_OPT_X_TLS_NEWCTX
Instructs the library to create a new TLS library context.
invalue must be const int *. A non-zero value pointed to
by invalue tells the library to create a context for a
server.
LDAP_OPT_X_TLS_PEERCERT
Gets the peer's certificate in DER format from an
established TLS session. outvalue must be struct berval
*, and the data it returns needs to be freed by the caller
using ldap_memfree(3).
LDAP_OPT_X_TLS_PROTOCOL_MAX
Sets/gets the maximum protocol version. invalue must be
const int *; outvalue must be int *.
LDAP_OPT_X_TLS_PROTOCOL_MIN
Sets/gets the minimum protocol version. invalue must be
const int *; outvalue must be int *.
LDAP_OPT_X_TLS_RANDOM_FILE
Sets/gets the random file when /dev/random and
/dev/urandom are not available. invalue must be const
char *; outvalue must be char **, and its contents need to
be freed by the caller using ldap_memfree(3). Ignored by
GnuTLS older than version 2.2.
LDAP_OPT_X_TLS_REQUIRE_CERT
Sets/gets the peer certificate checking strategy, one of
LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD,
LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW,
LDAP_OPT_X_TLS_TRY.
LDAP_OPT_X_TLS_REQUIRE_SAN
Sets/gets the peer certificate subjectAlternativeName
checking strategy, one of LDAP_OPT_X_TLS_NEVER,
LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND,
LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.
LDAP_OPT_X_TLS_SSL_CTX
Gets the TLS session context associated with this handle.
outvalue must be void **. When using the OpenSSL library
this is an SSL*. When using other crypto libraries this is
a pointer to an OpenLDAP private structure. Applications
generally should not use this option.
LDAP_OPT_X_TLS_VERSION
Gets the TLS version being used on an established TLS
session. outvalue must be char **, and its contents need
to be freed by the caller using ldap_memfree(3).
