Ok as you know I am playing around with my new Borland compiler which I am really liking quite a bit. I start thinking of some new stuff I would like to write and what should I do next, I have some cool ADAM ideas etc. Then I think, man, I really should add SSL support to ADFIND because that is pretty important for ADAM for ADAM SecPrins for security. It shouldn’t be too much work, add a switch to tell ADFIND to use ldap_sslinit instead of ldap_init and then actually make it use ldap_sslinit when that switch is used…
Then I think, but wait, no one seems to be asking for it… I wonder why not? Doesn’t anyone care to use SSL? I know I haven’t really worried about it much as I haven’t had an occasion to really need it yet but I figured someone out there probably has…
So then I decide to see how badly it will fail if I specify the ldaps port – 636. Then I was quite shocked to see that I actually got a response back… I am thinking wait, the system must know I am being stupid and is just sending clear text. So I pull out ethereal and capture the traffic and holy crap do I not see
Client: SYN
Server: SYN,ACK
Client: ACK
Client: Client Hello
CLIENT HELLO???? That is the start of the SSL handshake… Who added SSL support to ADFIND? I didn’t think I had added it but maybe at some point I realized how easy it would be to stick it into my LdapOpen function and had it looking at port numbers to help out if someone specified a known SSL port…
I pull up my ldapfuncs files and go looking for LdapOpen and chase through the code
hmmm… nothing there.
I’ll be darned, MS must be doing this for me. They are probably figuring, this is an SSL port, he probably meant sslinit instead of init and do it anyway. They do the same for the GC SSL port 3269. I would doublecheck this but my OS source access seems dorked up at the moment.
I still need to add the sslinit code for ADAM I am sure but right now I am thinking, hey how cool is that that MS did that automatically for me for AD… Obviously they couldn’t always cover it for ADAM since you can pick your SSL ports in ADAM, but if you use standard ports I expect you will be just fine as well.
joe