TLS 1.3 support for LDAP module #5583

author Alan T. DeKok <aland@freeradius.org>

Sat, 17 May 2025 12:08:00 +0000 (08:08 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Sat, 17 May 2025 12:08:24 +0000 (08:08 -0400)
author Alan T. DeKok <aland@freeradius.org>
Sat, 17 May 2025 12:08:00 +0000 (08:08 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Sat, 17 May 2025 12:08:24 +0000 (08:08 -0400)
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c

index 94164cbfaa322456098cf0ccddf8279398457030..03a109bb62844ea1ebde1022e284a3c2a00a7cf9 100644 (file)
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -2637,7 +2637,10 @@ static int mod_instantiate(module_inst_ctx_t const *mctx)
         }
  
         if (inst->handle_config.tls_min_version_str) {
-               if (strcmp(inst->handle_config.tls_min_version_str, "1.2") == 0) {
+               if (strcmp(inst->handle_config.tls_min_version_str, "1.3") == 0) {
+                       inst->handle_config.tls_min_version = LDAP_OPT_X_TLS_PROTOCOL_TLS1_3;
+
+               } else if (strcmp(inst->handle_config.tls_min_version_str, "1.2") == 0) {
                         inst->handle_config.tls_min_version = LDAP_OPT_X_TLS_PROTOCOL_TLS1_2;
  
                 } else if (strcmp(inst->handle_config.tls_min_version_str, "1.1") == 0) {
author	Alan T. DeKok <aland@freeradius.org>
	Sat, 17 May 2025 12:08:00 +0000 (08:08 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Sat, 17 May 2025 12:08:24 +0000 (08:08 -0400)