cURL / Mailing Lists / curl-library / Single Mail


Re: LDAPS (was RE: LDAP)

From: Dan Fandrich <>
Date: Thu, 16 Aug 2007 10:27:46 -0700

On Thu, Aug 16, 2007 at 06:56:56PM +0200, Patrick Monnerat wrote:
> 'seems enabling LDAPS introduces lots of compatibility problems, huhhh

Is LDAPS just regular LDAP running on top of SSL/TLS, in the same way as
HTTPS is to HTTP? Or is it like the FTP with the --ftp-ssl option or
SSL telnet where an LDAP negotiation takes place before SSL is enabled? If
the former, then surely we can use libcurl's already portable SSL back-end
components to negotiate SSL over the socket before handing it to OpenLDAP
to do the LDAP stuff. It sounds like that could simplify the LDAPS code
at the same time as allowing the use of all the different SSL libraries
already supported by curl.

I suspect that using the LDAP library's LDAPS support will introduce problems
when LDAP is compiled to use one SSL library (e.g. OpenSSL) while libcurl
is compiled to use another (e.g. yaSSL), with symbol clashes, etc.

>>> Dan

--              The web change of address service
          Let webmasters know that your web site has moved
Received on 2007-08-16