[PATCH] split out starttls

simo idra at samba.org
Wed Jul 26 00:22:10 GMT 2006


On Wed, 2006-07-26 at 10:10 +1000, Andrew Bartlett wrote:
> On Tue, 2006-07-25 at 19:53 -0400, simo wrote:
> > On Wed, 2006-07-26 at 09:41 +1000, Andrew Bartlett wrote:
> > > On Tue, 2006-07-25 at 22:42 +0200, Stefan (metze) Metzmacher wrote:
> > > > Hi Andrew,
> > > > 
> > > > here's a patch that splits out the start tls command from the extended
> > > > operation call, also start tls is disabled when we already have a tls
> > > > socket on the connection.
> > > 
> > > It looks good.
> > > 
> > > > can you test if that patch doesn't break something?
> > > 
> > > I've given it a quick spin, and I think it's safe to apply.
> > > 
> > > > what about a client implementation of starttls and a torture test?
> > > 
> > > Yeah, I'm just testing with ldapsearch for now, and I'm waiting on Simo
> > > making the ldb changes.
> > 
> > Coming soon, I was a bit tripped to work on samba3, but I have clear in
> > mind what we need.
> 
> BTW, we should now be in a very good position to have the LDAP server
> side do async writes to the LDAP socket, when data becomes available.
> (But we should do some buffering, to avoid doing a TCP send and SASL
> encrypt for every entry).

I would do the async stuff first and then when we are all set and the
thing works, add a caching layer if needed.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list