
(ITS#4422) Client connecting with multiple certificates

Full_Name: Pavel Rydvan
Version: 2.3.11
OS: FreeBSD 5.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (85.207.56.10)

I'm using the libldap library for connecting to the OpenLDAP server (slapd). I use
SSL (with certificate and host checking enabled). When creating a single
connection to the server, everything works fine (a good certificate succeeds, a bad
certificate is denied).

The problem is when I want to create two separate connections, each with a different
client certificate (from a single client process).

In case I call ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, private_key)
after obtaining the ld (i.e. after calling ldap_initialize), I don't get
LDAP_OPT_SUCCESS (the return value is -1; I get nothing more if I subsequently
call ldap_get_option(*pld, LDAP_OPT_ERROR_STRING, ...)).

The only way I am able to set the certificates/key file is to use
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, privatekey), BEFORE the
ldap_set_option.

However, if I want to have two separate connections with different certificates,
libldap uses only the FIRST one, although I make all the ldap_set_option(...) calls
again, followed by another ldap_initialize... Two separate connections are even
created this way. But the first certificate is used for calling SSH_connect for
some reason...

Is there a document that describes the order in which the ldap functions are
supposed to be called?

Am I doing something wrong?

Thanks in advance, Pavel Rydvan