Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add per replication agreement certificate settings #6021

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add per replication agreement certificate settings #6021

wants to merge 2 commits into from

Conversation

minfrin
Copy link
Contributor

@minfrin minfrin commented Dec 31, 2023

Allow TLS certificates to be configured individually on replication agreements.

Add nsDS5ReplicaTransportUri, nsDS5ReplicaTransportCAUri, nsDS5ReplicaBootstrapTransportUri and nsDS5ReplicaBootstrapTransportCAUri to allow the URIs of certificates, keys and ca certificates to be specified for each agreement.

Based on OpenSSL provider support added to openldap here:

https://bugs.openldap.org/show_bug.cgi?id=10149
openldap/openldap#11

@minfrin
Add per replication agreement certificate settings
400e8be 
Allow TLS certificates to be configured individually on replication
agreements.

Add nsDS5ReplicaTransportUri, nsDS5ReplicaTransportCAUri,
nsDS5ReplicaBootstrapTransportUri and nsDS5ReplicaBootstrapTransportCAUri
to allow the URIs of certificates, keys and ca certificates to be
specified for each agreement.

Based on OpenSSL provider support added to openldap here:

https://bugs.openldap.org/show_bug.cgi?id=10149
openldap/openldap#11
@minfrin minfrin mentioned this pull request Dec 31, 2023
Open
Firstyear
Firstyear requested changes Jan 3, 2024
View reviewed changes
ldap/servers/plugins/replication/repl5_agmt.c Outdated Show resolved Hide resolved
ldap/servers/plugins/replication/repl5_connection.c
/* We've got an ld. Now bind to the server. */

/* if we have TLS uris, set them now */
#ifdef LDAP_OPT_X_TLS_URIS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm looking at the openldap source and I can't find a reference to this. Can you cite the docs about this flag?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The flag is based on OpenSSL provider support added to openldap here:

https://bugs.openldap.org/show_bug.cgi?id=10149
openldap/openldap#11

ldap/servers/plugins/replication/repl5_connection.c
#endif

/* if we have TLS CA uris, set them now */
#ifdef LDAP_OPT_X_TLS_CACERTURIS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same with this flag.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Firstyear Firstyear Firstyear requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@minfrin @Firstyear