Fixed #17414 - client-side TLS certificate didn't work in Google LDAP #17857
Merged
snipe merged 2 commits into grokability:develop from Sep 15, 2025
I ran this on a test instance and it did seem to work. Probably want to still wait for another confirmation or two before we merge it though.
[FD-50814]
The way we had been setting the 'use client-side TLS certificates' option in LDAP was kinda working, but wasn't actually performing the actions in the right order. That worked OK in some versions of PHP - very likely due to some of the other `ldap_set_option()` bugs that had existed in older PHP versions. But, now that those bugs are fixed, this incorrect way we had been setting the option seems to have stopped working in later PHP versions.

This change moves the `ldap_set_option()` statements before the `ldap_connect()` statement, which looks like what they actually want you to do.

If someone is running the older, buggy versions of the PHP LDAP code, I suspect this will still work correctly - as we do the whole 'setting LDAP options before connect' thing already in the TLS-certificate-validity-ignoring code.
I'm going to see if I can get some tests going to make sure this works before we get it merged over to 'master'.
Fixes #17414
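
The ordering described in this pull request, as an added example that is not the code changed in the PR or Snipe-IT's own: the client-certificate TLS options are set with `ldap_set_option()` before `ldap_connect()` creates the handle. The function name, URI, environment variable names and file paths are hypothetical, and the return type assumes PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

// Added illustration: function name, URI, env vars and paths are hypothetical.
function ldapConnectWithClientCert(string $uri, string $certFile, string $keyFile): \LDAP\Connection
{
    // Fail early with a clear message instead of an opaque TLS handshake error.
    foreach (['certificate' => $certFile, 'private key' => $keyFile] as $label => $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("Client $label not readable: $path");
        }
    }

    // 1. Library-wide TLS options first (a null handle means "global").
    $tlsOptions = [
        LDAP_OPT_X_TLS_CERTFILE     => $certFile,
        LDAP_OPT_X_TLS_KEYFILE      => $keyFile,
        LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_DEMAND, // keep server certificate validation on
    ];
    foreach ($tlsOptions as $option => $value) {
        if (!ldap_set_option(null, $option, $value)) {
            throw new RuntimeException("ldap_set_option() failed for option $option");
        }
    }

    // 2. Only now create the handle, after the TLS options are in place.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // 3. Per-connection options go on the handle itself.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    return $conn;
}

// Constructed usage: placeholder URI and paths, overridable via hypothetical env vars.
try {
    $conn = ldapConnectWithClientCert(
        'ldaps://ldap.example.com:636',
        getenv('LDAP_CLIENT_CERT') ?: '/path/to/client.crt',
        getenv('LDAP_CLIENT_KEY') ?: '/path/to/client.key'
    );
    echo "LDAP handle created; TLS options were set before ldap_connect()\n";
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
}
```

`ldap_connect()` only initializes the handle; the TLS handshake, and with it the client certificate, is exercised by the first real operation such as `ldap_bind()`.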