Subject: StartTLS Response
Author: authen
In response to: StartTLS Request
Posted on: 07/02/2007 02:18:32 PM
When a Start TLS extended request is made, the server MUST return an
   LDAP PDU containing a Start TLS extended response.  An LDAP
   ExtendedResponse is defined as follows:
     ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
             COMPONENTS OF LDAPResult,
             responseName     [10] LDAPOID OPTIONAL,
             response         [11] OCTET STRING OPTIONAL }
   A Start TLS extended response MUST contain a responseName field which
   MUST be set to the same string as that in the responseName field
   present in the Start TLS extended request. The response field is
   absent.
 
> On 07/02/2007 01:33:39 PM authen wrote:
A client may perform a Start TLS operation by transmitting an LDAP
   PDU containing an ExtendedRequest [LDAPv3] specifying the OID for the
   Start TLS operation:
     1.3.6.1.4.1.1466.20037
   An LDAP ExtendedRequest is defined as follows:
     ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
             requestName             [0] LDAPOID,
             requestValue            [1] OCTET STRING OPTIONAL }
   A Start TLS extended request is formed by setting the requestName
   field to the OID string given above.  The requestValue field is
   absent.  The client MUST NOT send any PDUs on this connection
   following this request until it receives a Start TLS extended
   response.
Note: Protocol Data Unit (PDU) is a standard method for transporting LDAP messages over TCP/IP.
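The exchange described in the two posts above, as an added Python example that is not part of the original thread or of any LDAP library: it BER-encodes the Start TLS request and decides whether a server reply permits starting the TLS handshake. The function names, the `sample_response` helper and the rejection of trailing plaintext bytes are assumptions of this example.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # OID given in the request post

def tlv(tag, value):
    """Encode one BER TLV; short-form length suffices for these small PDUs."""
    if len(value) > 0x7F:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        if not 1 <= k <= 4 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + n], pos + n

def starttls_request(msg_id):
    """LDAPMessage with ExtendedRequest [APPLICATION 23]; requestValue absent."""
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))  # requestName is context tag [0]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)  # msg_id must be 1..127

def starttls_accepted(pdu, msg_id):
    """True only for a successful Start TLS ExtendedResponse [APPLICATION 24]."""
    tag, msg, end = read_tlv(pdu, 0)
    if tag != 0x30 or end != len(pdu):  # no extra plaintext before the handshake
        raise ValueError("expected exactly one LDAPMessage")
    tag, mid, pos = read_tlv(msg, 0)
    if tag != 0x02 or int.from_bytes(mid, "big") != msg_id:
        raise ValueError("messageID does not match the request")
    tag, op, _ = read_tlv(msg, pos)
    rc_tag, result_code, pos = read_tlv(op, 0)  # LDAPResult begins with resultCode
    if tag != 0x78 or rc_tag != 0x0A:
        raise ValueError("not an ExtendedResponse with a resultCode")
    fields = {}
    while pos < len(op):  # matchedDN, errorMessage, then the tagged optional fields
        tag, val, pos = read_tlv(op, pos)
        fields[tag] = val
    return (result_code == b"\x00" and fields.get(0x8A) == STARTTLS_OID
            and 0x8B not in fields)  # responseName [10] echoed, response [11] absent

def sample_response(msg_id, code, name=STARTTLS_OID):  # constructed reply, not captured
    body = tlv(0x0A, bytes([code])) + tlv(0x04, b"") * 2 + tlv(0x8A, name)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x78, body))
```

A client would call `starttls_accepted` on the first PDU read after sending the request and begin the TLS handshake only when it returns `True`.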