Re: SSL usage ?

From: Ulric Eriksson <ulric_at_siag.nu>
Date: Wed, 28 Sep 2005 22:15:14 +0200 (CEST)

On Wed, 28 Sep 2005, Ricardo Stella wrote:

>
> I understand that SSL is experimental. But I don't even see that it's
> being used, though it's properly compiled and libraries are linking to it.
>
> I show nothing when running pen in debug mode that certs are being
> loaded. My approach is to try to use pen as a failover stunnel.
>
> In my case, I want to accept localhost non-secure connections for ldap
> in 389 and contact a farm of ldap servers in secure mode (port 636).
>
> Currently 389->389 or 636->636 works perfectly fine. But not 389->636,
> since the secure connection needs to be done by pen.
>
> Any ideas ?

There is no code for the pen->server connections, only for
client->pen.

This may work, though:

.--------.  .---------.  .-----.  .------.
| client |->|         |  |     |->| ldap |
`--------'  |         |  |     |  `------'
            | stunnel |->| pen |
.--------.  |         |  |     |  .------.
| client |->|         |  |     |->| ldap |
`--------'  `---------'  `-----'  `------'

Stunnel and pen run on the same host.

Stunnel configuration file:

client = yes
pid = /home/ulric/stunnel.pid
foreground = yes
[foobar]
accept = 389
connect = localhost:636

Pen command line:

pen 636 ldapserver1:636 ldapserver2:636

Untested, buyer beware.

Ulric
Received on Wed Sep 28 2005 - 22:15:15 CEST
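
A check of the setup posted above, added here as an example and not part of the original message or of pen or stunnel: it parses the stunnel configuration and the pen command line and reports where the chain leaves the plaintext port exposed or the TLS leg unauthenticated. The function names, the hardened variant and its CAfile path are assumptions made for the example; `verify`, `verifyChain`, `verifyPeer` and `CAfile` are stunnel options.

```python
import shlex
# Configuration and command line exactly as posted in the message above.
POSTED_CONF = """client = yes
pid = /home/ulric/stunnel.pid
foreground = yes
[foobar]
accept = 389
connect = localhost:636
"""
PEN_CMD = "pen 636 ldapserver1:636 ldapserver2:636"
# Constructed variant (CAfile path is a placeholder): loopback listener + verify.
HARDENED_CONF = POSTED_CONF.replace("accept = 389", "accept = 127.0.0.1:389") \
    + "verify = 2\nCAfile = /path/to/ca.pem\n"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_stunnel(text):
    """Return (global_options, {service_name: options})."""
    glob, services, cur = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        else:
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def split_addr(addr):
    """'host:port' -> (host, port); bare 'port' -> (None, port)."""
    host, sep, port = addr.rpartition(":")
    return (host if sep else None), int(port)

def lint(conf_text, pen_cmd):
    glob, services = parse_stunnel(conf_text)
    # Assumption: no pen option flags precede the listen address.
    pen_port = split_addr(shlex.split(pen_cmd)[1])[1]
    findings = []
    for name, svc in services.items():
        opt = lambda key: svc.get(key, glob.get(key))
        if opt("client") != "yes":
            findings.append(f"[{name}] client mode off: no TLS toward the servers")
        if split_addr(svc["accept"])[0] not in LOOPBACK:
            findings.append(f"[{name}] plaintext listener is not bound to loopback")
        if split_addr(svc["connect"])[1] != pen_port:
            findings.append(f"[{name}] connect port differs from pen's listen port")
        if all(opt(k) in (None, "0", "no") for k in ("verify", "verifyChain", "verifyPeer")):
            findings.append(f"[{name}] no verify option: server certificate unchecked")
    return findings
```

On the posted configuration `lint(POSTED_CONF, PEN_CMD)` reports the unbound plaintext listener and the missing certificate check; `HARDENED_CONF` passes both.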
