luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ldap: drop support for legacy Novell LDAP SDK

Browse Source 
The latest copy I could find at:
https://beta.novell.com/developer/ndk/ldap_libraries_for_c.html
is from 2016-Feb-03, available for Linux and Windows.

I built curl against the Windows package with CMake:
https://sdk.suse.com/ndk/cldap/builds/2016/openldapsdk-devel-windows64-2016-01-28.zip
(It comes with OpenSSL 1.0.1q-fips (2015-Dec-03) binaries.)
CMake identified it as OpenLDAP and built with it as expected:
```
curl 8.12.0-DEV (x86_64-w64-mingw32) libcurl/8.12.0-DEV Schannel OpenLDAP/2.4.37
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe UnixSockets
```

Since it identified it as OpenLDAP (`lib/openldap.c`), the branch
deleted in this PR (`lib/ldap.c`) wasn't reached. Thus, defining
the `CURL_HAS_NOVELL_LDAPSDK` also made no difference in the build.
This suggests the code guarded by it is now orphan and unnecessary.

Novell NetWare builds were another user, but we dropped support for them
in 2022: 3b16575ae9 #8358

Closes #16176
This commit is contained in:
Viktor Szakats 2025-02-05 01:29:08 +01:00
parent 3f9417b21d
commit b3e12b7d6f
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
2 changed files with 2 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/config-win32.h
View File

@ -448,11 +448,7 @@ Vista
/* LDAP SUPPORT */ /* LDAP SUPPORT */
/* ---------------------------------------------------------------- */ /* ---------------------------------------------------------------- */
#ifdef CURL_HAS_NOVELL_LDAPSDK #ifdef CURL_HAS_OPENLDAP_LDAPSDK
#undef USE_WIN32_LDAP
#define HAVE_LDAP_SSL_H 1
#define HAVE_LDAP_URL_PARSE 1
#elif defined(CURL_HAS_OPENLDAP_LDAPSDK)
#undef USE_WIN32_LDAP #undef USE_WIN32_LDAP
#define HAVE_LDAP_URL_PARSE 1 #define HAVE_LDAP_URL_PARSE 1
#elif !defined(CURL_WINDOWS_UWP) && !defined(UNDER_CE) #elif !defined(CURL_WINDOWS_UWP) && !defined(UNDER_CE)

54
lib/ldap.c
View File

@ -389,55 +389,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
#else #else
int ldap_option; int ldap_option;
char *ldap_ca = conn->ssl_config.CAfile; char *ldap_ca = conn->ssl_config.CAfile;
#if defined(CURL_HAS_NOVELL_LDAPSDK) #ifdef LDAP_OPT_X_TLS
rc = ldapssl_client_init(NULL, NULL);
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
if(conn->ssl_config.verifypeer) {
/* Novell SDK supports DER or BASE64 files. */
int cert_type = LDAPSSL_CERT_FILETYPE_B64;
if((data->set.ssl.cert_type) &&
(strcasecompare(data->set.ssl.cert_type, "DER")))
cert_type = LDAPSSL_CERT_FILETYPE_DER;
if(!ldap_ca) {
failf(data, "LDAP local: ERROR %s CA cert not set",
(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
infof(data, "LDAP local: using %s CA cert '%s'",
(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
ldap_ca);
rc = ldapssl_add_trusted_cert(ldap_ca, cert_type);
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR setting %s CA cert: %s",
(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
ldap_err2string(rc));
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
ldap_option = LDAPSSL_VERIFY_SERVER;
}
else
ldap_option = LDAPSSL_VERIFY_NONE;
rc = ldapssl_set_verify_mode(ldap_option);
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR setting cert verify mode: %s",
ldap_err2string(rc));
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
server = ldapssl_init(host, conn->primary.remote_port, 1);
if(!server) {
failf(data, "LDAP local: Cannot connect to %s:%u",
conn->host.dispname, conn->primary.remote_port);
result = CURLE_COULDNT_CONNECT;
goto quit;
}
#elif defined(LDAP_OPT_X_TLS)
if(conn->ssl_config.verifypeer) { if(conn->ssl_config.verifypeer) {
/* OpenLDAP SDK supports BASE64 files. */ /* OpenLDAP SDK supports BASE64 files. */
if((data->set.ssl.cert_type) && if((data->set.ssl.cert_type) &&
@ -758,10 +710,6 @@ quit:
ldap_free_urldesc(ludp); ldap_free_urldesc(ludp);
if(server) if(server)
ldap_unbind_s(server); ldap_unbind_s(server);
#if defined(HAVE_LDAP_SSL) && defined(CURL_HAS_NOVELL_LDAPSDK)
if(ldap_ssl)
ldapssl_client_deinit();
#endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
FREE_ON_WINLDAP(host); FREE_ON_WINLDAP(host);