path: root/sync_pipe.h
author: Peter Wu <peter@lekensteyn.nl> 2015-02-06 11:43:54 +0100
committer: Michael Mann <mmann78@netscape.net> 2015-02-09 14:08:18 +0000
commit: 929a4f253c3b8e36ab816826b87ffdc641939c38
tree: 7446587a00c1e48cd50d601a3ac1c1301e4af30a /sync_pipe.h
parent: e190253478cea8ab10903e83daafeb3574ad0f04
ldap: simplify Start TLS handling

RFC 2830 describes the Start TLS operation as follows:

 1. ExtendedRequest is sent by client with the requestName OID set to
    "1.3.6.1.4.1.1466.20037".
 2. Server responds with an ExtendedResponse having a resultCode and
    optionally a responseName (OID). The text mentions that the field
    *must* be set but the definition allows it to be optional.

The previous code then made assumption that once (1) was seen, then any
ExtendedResponse signals an acknowledgement. That is not entirely
correct, a server could reject the request.

This patch corrects that by checking the ExtendedResponse_resultCode for
success, and then uses the new ssl_starttls_ack() helper to kick off
SSL. This simplifies the code a bit.

Tested against ldap-ssl.pcapng (which has no responseName) from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
The result is the same as before, except that "Protocols in frame"
changed from "...:ldap:ssl:ldap" to "...:ssl:ldap".

Change-Id: Id7e40c5a50a217c4d3d46f08241d704f19d195dd
Reviewed-on: https://code.wireshark.org/review/6982
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'sync_pipe.h')
0 files changed, 0 insertions, 0 deletions
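
The check the commit message describes, as an added example that is not Wireshark's code: a minimal model that parses an ExtendedResponse and treats the stream as TLS only when a pending Start TLS request is answered with resultCode success, with or without a responseName. The `ldap_conv` struct, the function names and the sample bytes are constructed for illustration; only short-form BER lengths and one-byte result codes are handled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define STARTTLS_OID "1.3.6.1.4.1.1466.20037" /* requestName from RFC 2830 */
#define LDAP_SUCCESS 0
typedef struct { bool starttls_pending; bool tls_active; } ldap_conv; /* hypothetical state */

/* Constructed samples: messageID 1, empty matchedDN/diagnosticMessage, no responseName. */
const uint8_t RESP_SUCCESS[]  = {0x30,0x0c,0x02,0x01,0x01,0x78,0x07,0x0a,0x01,0x00,0x04,0x00,0x04,0x00};
const uint8_t RESP_REJECTED[] = {0x30,0x0c,0x02,0x01,0x01,0x78,0x07,0x0a,0x01,0x02,0x04,0x00,0x04,0x00};

/* Consume one BER header with the expected tag (short-form length only). */
static bool tlv(const uint8_t **p, const uint8_t *end, uint8_t want, size_t *len) {
    if (end - *p < 2 || (*p)[0] != want || ((*p)[1] & 0x80)) return false;
    *len = (*p)[1];
    *p += 2;
    return *len <= (size_t)(end - *p);
}

/* resultCode of an ExtendedResponse, or -1 if msg is not a well-formed one. */
int extended_response_result(const uint8_t *msg, size_t n) {
    const uint8_t *p = msg, *end = msg + n;
    size_t len;
    if (!tlv(&p, end, 0x30, &len)) return -1;   /* LDAPMessage SEQUENCE */
    end = p + len;
    if (!tlv(&p, end, 0x02, &len)) return -1;   /* messageID INTEGER */
    p += len;
    if (!tlv(&p, end, 0x78, &len)) return -1;   /* [APPLICATION 24] ExtendedResponse */
    end = p + len;
    if (!tlv(&p, end, 0x0a, &len) || len != 1) return -1; /* resultCode ENUMERATED */
    return p[0];
}

void on_extended_request(ldap_conv *c, const char *request_name) {
    c->starttls_pending = strcmp(request_name, STARTTLS_OID) == 0;
}

/* True only when a pending Start TLS is answered with success; otherwise stays LDAP. */
bool on_server_message(ldap_conv *c, const uint8_t *msg, size_t n) {
    int rc = extended_response_result(msg, n);
    if (rc < 0 || !c->starttls_pending) return false;
    c->starttls_pending = false;            /* the request has been answered */
    c->tls_active = (rc == LDAP_SUCCESS);
    return c->tls_active;
}

int main(void) {
    ldap_conv c = {false, false};
    on_extended_request(&c, STARTTLS_OID);
    return on_server_message(&c, RESP_REJECTED, sizeof RESP_REJECTED) ? 1 : 0; /* 0: still LDAP */
}
```

A real dissector would also match the response's messageID to the request; this model omits that to keep the resultCode check in focus.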