[PATCH] split out starttls
Andrew Bartlett
abartlet at samba.org
Wed Jul 26 00:10:28 GMT 2006
On Tue, 2006-07-25 at 19:53 -0400, simo wrote:
> On Wed, 2006-07-26 at 09:41 +1000, Andrew Bartlett wrote:
> > On Tue, 2006-07-25 at 22:42 +0200, Stefan (metze) Metzmacher wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hi Andrew,
> > >
> > > here's patch that splits out the start tls command from the extended
> > > operation call, also start tls is disabled when we already have a tls
> > > socket on the connection.
> >
> > It looks good.
> >
> > > can you test if that patch doesn't break something?
> >
> > I've given it a quick spin, and I think it's safe to apply.
> >
> > > what about a client implementation of starttls and a torture test?
> >
> > Yeah, I'm just testing with ldapsearch for now, and I'm waiting on Simo
> > making the ldb changes.
>
> Coming soon, I was a bit tripped to work on samba3, but I have clear in
> mind what we need.
BTW, we should now be in a very good position to have the LDAP server
side do async writes to the LDAP socket, when data becomes available.
(But we should do some buffering, do avoid doing a TCP send and SASL
encrypt for every entry).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060726/42c89c77/attachment.bin
More information about the samba-technical
mailing list