[dak/master] daklib/dbconn.py: use global LDAP options for TLS

To: debian-dak@lists.debian.org,dak@commit.ganneff.de
Subject: [dak/master] daklib/dbconn.py: use global LDAP options for TLS
From: Ansgar Burchardt <ansgar@debian.org>
Date: Mon, 22 Jul 2013 21:06:02 +0000
Message-id: <[🔎] E1V1NIx-0008Gr-3H@franck.debian.org>

Using connection-specific options made the code fail when calling
simple_bind_s() for some reason.
---
 daklib/dbconn.py |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/daklib/dbconn.py b/daklib/dbconn.py
index c6c8e5a..31caa90 100644
--- a/daklib/dbconn.py
+++ b/daklib/dbconn.py
@@ -1255,12 +1255,15 @@ class Keyring(object):
         l = ldap.open(LDAPServer)
 
         if ca_cert_file:
+            # TODO: This should request a new context and use
+            # connection-specific options (i.e. "l.set_option(...)")
+
             # Request a new TLS context. If there was already one, libldap
             # would not change the TLS options (like which CAs to trust).
-            l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
-            l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
-            l.set_option(ldap.OPT_X_TLS_CACERTDIR, None)
-            l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
+            #l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
+            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
+            #ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, None)
+            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
             l.start_tls_s()
 
         l.simple_bind_s("","")
-- 
1.7.10.4

Reply to:

Prev by Date: [dak/master] daklib/dbconn.py: allow use with SQLAlchemy 0.8
Next by Date: [dak/master] sync-dd: ignore ftp and mirror even if they are symlinks
Previous by thread: [dak/master] daklib/dbconn.py: allow use with SQLAlchemy 0.8
Next by thread: [dak/master] sync-dd: ignore ftp and mirror even if they are symlinks
Index(es):
- Date
- Thread