LDAP option handling routines

TLS (Transport Layer Security) options

The TLS options are OpenLDAP specific.
LDAP_OPT_X_TLS_CACERTDIR
    Sets/gets the path of the directories containing CA certificates. Multiple directories may be specified, separated by a semi-colon. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CACERTFILE
    Sets/gets the full-path of the CA certificate file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CERTFILE
    Sets/gets the full-path of the certificate file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CIPHER
    Gets the cipher being used on an established TLS session. outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CIPHER_SUITE
    Sets/gets the allowed cipher suite. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CONNECT_ARG
    Sets/gets the connection callback argument. invalue must be const void *; outvalue must be void **.

LDAP_OPT_X_TLS_CONNECT_CB
    Sets/gets the connection callback handle. invalue must be const LDAP_TLS_CONNECT_CB *; outvalue must be LDAP_TLS_CONNECT_CB **.

LDAP_OPT_X_TLS_CRLCHECK
    Sets/gets the CRL evaluation strategy, one of LDAP_OPT_X_TLS_CRL_NONE, LDAP_OPT_X_TLS_CRL_PEER, or LDAP_OPT_X_TLS_CRL_ALL. invalue must be const int *; outvalue must be int *. Requires OpenSSL.

LDAP_OPT_X_TLS_CRLFILE
    Sets/gets the full-path of the CRL file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3). This option is only valid for GnuTLS.

LDAP_OPT_X_TLS_CTX
    Sets/gets the TLS library context. New TLS sessions will inherit their default settings from this library context. invalue must be const void *; outvalue must be void **. When using the OpenSSL library this is an SSL_CTX*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option or attempt to manipulate this structure.

LDAP_OPT_X_TLS_DHFILE
    Gets/sets the full-path of the file containing the parameters for Diffie-Hellman ephemeral key exchange. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_ECNAME
    Gets/sets the name of the curve(s) used for elliptic curve key exchanges. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3). Ignored by GnuTLS. In GnuTLS a curve may be selected in the cipher suite specification.

LDAP_OPT_X_TLS_KEYFILE
    Sets/gets the full-path of the certificate key file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_NEWCTX
    Instructs the library to create a new TLS library context. invalue must be const int *. A non-zero value pointed to by invalue tells the library to create a context for a server.

LDAP_OPT_X_TLS_PEERCERT
    Gets the peer's certificate in DER format from an established TLS session. outvalue must be struct berval *, and the data it returns needs to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_PROTOCOL_MAX
    Sets/gets the maximum protocol version. invalue must be const int *; outvalue must be int *.

LDAP_OPT_X_TLS_PROTOCOL_MIN
    Sets/gets the minimum protocol version. invalue must be const int *; outvalue must be int *.

LDAP_OPT_X_TLS_RANDOM_FILE
    Sets/gets the random file when /dev/random and /dev/urandom are not available. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3). Ignored by GnuTLS older than version 2.2.

LDAP_OPT_X_TLS_REQUIRE_CERT
    Sets/gets the peer certificate checking strategy, one of LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.

LDAP_OPT_X_TLS_REQUIRE_SAN
    Sets/gets the peer certificate subjectAlternativeName checking strategy, one of LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.

LDAP_OPT_X_TLS_SSL_CTX
    Gets the TLS session context associated with this handle. outvalue must be void **. When using the OpenSSL library this is an SSL*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option.

LDAP_OPT_X_TLS_VERSION
    Gets the TLS version being used on an established TLS session. outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).