Using ldap_opt_x_tls_require_cert
- To: openldap-technical@openldap.org
- Subject: Using ldap_opt_x_tls_require_cert
- From: Thiyagu Rajendran <thiyagu87.r@gmail.com>
- Date: Fri, 23 Dec 2011 21:28:03 +0530
Hi all,
I have a few questions on the proper usage of the ldap_opt_x_tls_require_cert option.
When ldap_opt_x_tls_require_cert is set to LDAP_OPT_X_TLS_ALLOW on the LDAP handle after ldap_initialize, it was not working. It failed with a certificate verify error. But according to the ldap.conf man page, setting the LDAP_OPT_X_TLS_ALLOW option should not verify the server certificate.
After googling around, I found that LDAP_OPT_X_TLS_ALLOW should be set on the global handle. Then I got rid of the certificate verify error.
But I faced a new problem: changing LDAP_OPT_X_TLS_ALLOW to LDAP_OPT_X_TLS_TRY in the same process doesn't verify the certificate. When I kill the process and restart it, it verifies the certificate properly.
Somehow I managed to solve the problem by clearing the context using LDAP_OPT_X_TLS_NEWCTX:
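int tls = LDAP_OPT_X_TLS_ALLOW;
int j = 0;
/* NULL handle: sets the global (process-wide) option */
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls);
/* create a new TLS context; 0 requests a client context */
ldap_set_option(NULL, LDAP_OPT_X_TLS_NEWCTX, &j);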
But when I try to set LDAP_OPT_X_TLS_REQUIRE_CERT after clearing the context, it is not working.
Can someone explain the correct usage of the LDAP_OPT_X_TLS_REQUIRE_CERT option?
Regards,
Thiyagu