X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fdbconn.py;h=31caa902dcd8f50ca06cde5f31c9ab16252e768f;hb=b42e8ecb651be5d4aa588fcc57d0339b17c6c902;hp=c6c8e5a12e78d39e6b632ae1c0c347fc7c3386ad;hpb=296062672294509b2e3d581f4e49df429c80decc;p=dak.git
diff --git a/daklib/dbconn.py b/daklib/dbconn.py
index c6c8e5a1..31caa902 100644
--- a/daklib/dbconn.py
+++ b/daklib/dbconn.py
@@ -1255,12 +1255,15 @@ class Keyring(object):
 l = ldap.open(LDAPServer)
 if ca_cert_file:
+ # TODO: This should request a new context and use
+ # connection-specific options (i.e. "l.set_option(...)")
+ # Request a new TLS context. If there was already one, libldap
 # would not change the TLS options (like which CAs to trust).
- l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
- l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
- l.set_option(ldap.OPT_X_TLS_CACERTDIR, None)
- l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
+ #l.set_option(ldap.OPT_X_TLS_NEWCTX, True)
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)
+ #ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, None)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)
 l.start_tls_s()
 l.simple_bind_s("","")
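Review bot: The added `ldap.set_option(...)` calls change process-wide TLS defaults after `l` was already created by `ldap.open(LDAPServer)`, and with `OPT_X_TLS_NEWCTX` commented out nothing forces a fresh TLS context, so `l.start_tls_s()` may run against a previously built context that does not trust only `ca_cert_file` or does not enforce `OPT_X_TLS_HARD`, which is the situation the retained comment describes. Leaving `OPT_X_TLS_CACERTDIR` unset also means any default CA directory probably stays trusted in addition to the pinned file. python-ldap expects `OPT_X_TLS_NEWCTX` to be the last TLS option applied, so the connection-scoped form would be `l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_HARD)`, `l.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_cert_file)`, then `l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)`. Until that is in place, a test that connects to a server presenting a certificate from a different CA and expects `start_tls_s()` to fail would confirm that verification is actually live. The enclosing `Keyring` method starts and ends outside the hunk.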