[dak/master] daklib/dbconn.py: use global LDAP options for TLS
Using connection-specific options made the code fail when calling
simple_bind_s() for some reason.
---
daklib/dbconn.py | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/daklib/dbconn.py b/daklib/dbconn.py
index c6c8e5a..31caa90 100644
--- a/daklib/dbconn.py
+++ b/daklib/dbconn.py
@@ -1255,12 +1255,15 @@ class Keyring(object):
l = ldap.open(LDAPServer)
if ca_cert_file:
+ # TODO: This should request a new context and use
+ # connection-specific options (i.e. "l.set_option(...)")
+
# Request a new TLS context. If there was already one, libldap
# would not change the TLS options (like which CAs to trust).
- l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
- l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
- l.set_option(ldap.OPT_X_TLS_CACERTDIR, None)
- l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
+ #l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
+ #ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, None)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
l.start_tls_s()
l.simple_bind_s("","")
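Review bot: Switching to `ldap.set_option(...)` on the `OPT_X_TLS_REQUIRE_CERT` and `OPT_X_TLS_CACERTFILE` lines makes these TLS settings process-wide, so every other LDAP connection opened in the same process inherits this CA file. With `OPT_X_TLS_CACERTDIR` no longer cleared and `OPT_X_TLS_NEWCTX` commented out, the library's default CA directory may still be trusted alongside `ca_cert_file`. The comment kept above the disabled line says an existing context would not pick up changed TLS options, so a later call with a different `ca_cert_file` could presumably keep validating against the first one. A likely cause of the original failure is that `OPT_X_TLS_NEWCTX` was set before the other options, since libldap applies the pending TLS settings at the moment it is set. It would be worth retrying the per-connection form with `l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)` as the last call before `l.start_tls_s()`. The enclosing method starts and ends outside this hunk.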
--
1.7.10.4