Guide to the Linux Manual




ldap_set_option(3)

LDAP option handling routines


TLS (Transport Layer Security) options

The TLS options are OpenLDAP specific.

LDAP_OPT_X_TLS_CACERTDIR Sets/gets the path of the directories containing CA certificates. Multiple directories may be specified, separated by a semi-colon. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CACERTFILE Sets/gets the full-path of the CA certificate file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CERTFILE Sets/gets the full-path of the certificate file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CIPHER Gets the cipher being used on an established TLS session. outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CIPHER_SUITE Sets/gets the allowed cipher suite. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_CONNECT_ARG Sets/gets the connection callback argument. invalue must be const void *; outvalue must be void **.

LDAP_OPT_X_TLS_CONNECT_CB Sets/gets the connection callback handle. invalue must be const LDAP_TLS_CONNECT_CB *; outvalue must be LDAP_TLS_CONNECT_CB **.

LDAP_OPT_X_TLS_CRLCHECK Sets/gets the CRL evaluation strategy, one of LDAP_OPT_X_TLS_CRL_NONE, LDAP_OPT_X_TLS_CRL_PEER, or LDAP_OPT_X_TLS_CRL_ALL. invalue must be const int *; outvalue must be int *. Requires OpenSSL.

LDAP_OPT_X_TLS_CRLFILE Sets/gets the full-path of the CRL file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3). This option is only valid for GnuTLS.

LDAP_OPT_X_TLS_CTX Sets/gets the TLS library context. New TLS sessions will inherit their default settings from this library context. invalue must be const void *; outvalue must be void **. When using the OpenSSL library this is an SSL_CTX*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option or attempt to manipulate this structure.

LDAP_OPT_X_TLS_DHFILE Gets/sets the full-path of the file containing the parameters for Diffie-Hellman ephemeral key exchange. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_ECNAME Gets/sets the name of the curve(s) used for elliptic curve key exchanges. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3). Ignored by GnuTLS. In GnuTLS a curve may be selected in the cipher suite specification.

LDAP_OPT_X_TLS_KEYFILE Sets/gets the full-path of the certificate key file. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_NEWCTX Instructs the library to create a new TLS library context. invalue must be const int *. A non-zero value pointed to by invalue tells the library to create a context for a server.

LDAP_OPT_X_TLS_PEERCERT Gets the peer's certificate in DER format from an established TLS session. outvalue must be struct berval *, and the data it returns needs to be freed by the caller using ldap_memfree(3).

LDAP_OPT_X_TLS_PROTOCOL_MAX Sets/gets the maximum protocol version. invalue must be const int *; outvalue must be int *.

LDAP_OPT_X_TLS_PROTOCOL_MIN Sets/gets the minimum protocol version. invalue must be const int *; outvalue must be int *.

LDAP_OPT_X_TLS_RANDOM_FILE Sets/gets the random file when /dev/random and /dev/urandom are not available. invalue must be const char *; outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3). Ignored by GnuTLS older than version 2.2.

LDAP_OPT_X_TLS_REQUIRE_CERT Sets/gets the peer certificate checking strategy, one of LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.

LDAP_OPT_X_TLS_REQUIRE_SAN Sets/gets the peer certificate subjectAlternativeName checking strategy, one of LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.

LDAP_OPT_X_TLS_SSL_CTX Gets the TLS session context associated with this handle. outvalue must be void **. When using the OpenSSL library this is an SSL*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option.

LDAP_OPT_X_TLS_VERSION Gets the TLS version being used on an established TLS session. outvalue must be char **, and its contents need to be freed by the caller using ldap_memfree(3).