
Using SSL and TLS



Hey all,

I've read numerous posts on the subject but still can't figure out what's
going on.

Config:
	OpenLDAP 2.1.25
	OpenSSL 0.9.7
	Cyrus-SASL 1.5.28
	Berkeley DB 4.2

I have slapd running with TLS support, listening for SSL connections on port
636 and non-SSL on 389. I can do ldapsearch calls to -H
"ldaps://my.server.com" and it all works great. But, I can't figure out how
to connect using the libldap API calls.

I have code like this...

	#include <ldap.h>

	LDAP *pldap = NULL;
	ldap_initialize( &pldap, "ldaps://my.server.com:636");

	int iVer = LDAP_VERSION3;
	ldap_set_option( pldap, LDAP_OPT_PROTOCOL_VERSION, &iVer);

	// returns code 81, but my server is not down.
	ldap_start_tls_s( pldap, NULL, NULL);

	// also fails, even if I skip the start_tls call.
	ldap_simple_bind_s( pldap, 0, 0);

If I change the ldap_initialize to pass in "ldap://my.server.com:389", then
everything works (I don't call start_tls, of course, but simple_bind
works).

Is this approach correct? I keep reading stuff about SSL and TLS, but can't
seem to completely grasp how they are different.

Why is the start_tls call failing with a client-side error telling me that
my server is down?

Any help would be greatly appreciated.

Thanks,

Matt
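The distinction the post is asking about, shown at the wire level as an added example (this is not Matt's code and not libldap). "ldaps://" means the TLS handshake happens before any LDAP byte is sent on port 636, so the StartTLS extended operation has no place on that connection; "ldap://" on 389 starts in cleartext and is upgraded by sending the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037), checking for resultCode 0, and only then handshaking. In libldap terms: with an ldaps:// URI, skip ldap_start_tls_s and go straight to the bind; with ldap://host:389, call ldap_start_tls_s before the bind. In both cases the client must be able to verify the server certificate (LDAP_OPT_X_TLS_CACERTFILE on the handle, or TLS_CACERT in ldap.conf), since a failed handshake surfaces to the caller as a connection failure rather than a bind error. The code below uses only the Python standard library so it runs without an LDAP library; the host name, the CA file path and the two sample ExtendedResponse messages are constructed for illustration, not captured from a real slapd.

```python
"""ldaps:// (implicit TLS) versus ldap:// + StartTLS, at the wire level.

Added example, not code from the original post.  Stdlib only.  The host,
CA file and sample responses are constructed for illustration.
"""
import socket
import ssl
from urllib.parse import urlsplit

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(n):
    """INTEGER for small non-negative values (message IDs here)."""
    return ber_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def read_tlv(buf, pos=0):
    """Decode one TLV at pos; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def starttls_request(msgid=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))
    return ber_tlv(0x30, ber_int(msgid) + ext)


def extended_response(msgid, result_code, diagnostic=b"", name=None):
    """Build an ExtendedResponse [APPLICATION 24]; used only for constructed samples."""
    body = ber_tlv(0x0A, bytes([result_code])) + ber_tlv(0x04, b"") + ber_tlv(0x04, diagnostic)
    if name is not None:
        body += ber_tlv(0x8A, name)              # responseName [10]
    return ber_tlv(0x30, ber_int(msgid) + ber_tlv(0x78, body))


def parse_extended_response(msg):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(body)
    msgid = int.from_bytes(mid, "big", signed=True)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, rc, pos = read_tlv(op)             # resultCode ENUMERATED
    _, _, pos = read_tlv(op, pos)         # matchedDN
    _, diag, _ = read_tlv(op, pos)        # diagnosticMessage
    return msgid, rc[0], diag.decode("utf-8", "replace")


def tls_mode(uri):
    """(host, port, implicit_tls): ldaps = TLS from the first byte, ldap = StartTLS upgrade."""
    u = urlsplit(uri)
    if u.scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: " + u.scheme)
    implicit = u.scheme.lower() == "ldaps"
    return u.hostname, u.port or (636 if implicit else 389), implicit


def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        data += chunk
    return data


def recv_ldap_message(sock):
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        lenbytes = _recv_exact(sock, head[1] & 0x7F)
        head, length = head + lenbytes, int.from_bytes(lenbytes, "big")
    else:
        length = head[1]
    return head + _recv_exact(sock, length)


def open_ldap_session(uri, cafile):
    """Return a TLS-wrapped socket ready for a bind.  cafile is an assumption;
    create_default_context verifies the chain and the hostname against it."""
    host, port, implicit = tls_mode(uri)
    ctx = ssl.create_default_context(cafile=cafile)
    sock = socket.create_connection((host, port), timeout=10)
    if not implicit:                      # ldap://: upgrade first, never on ldaps://
        sock.sendall(starttls_request(1))
        msgid, rc, diag = parse_extended_response(recv_ldap_message(sock))
        if msgid != 1 or rc != 0:
            sock.close()
            raise RuntimeError("StartTLS refused: resultCode=%d %s" % (rc, diag))
    return ctx.wrap_socket(sock, server_hostname=host)


# Constructed samples (not captured from a real server): a success, and a
# refusal of the kind a server gives when the session is already under TLS.
SAMPLE_OK = extended_response(1, 0, name=STARTTLS_OID)
SAMPLE_REFUSED = extended_response(1, 1, b"TLS already started")
```

Usage would be `open_ldap_session("ldaps://my.server.com:636", "/etc/ssl/ca.pem")` or `open_ldap_session("ldap://my.server.com:389", "/etc/ssl/ca.pem")` followed by the bind on the returned socket; the only difference between the two is whether the StartTLS exchange happens before the handshake, which is exactly the difference between the two URIs in the post.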