
Re: Client Authentication



At 04:12 PM 5/17/2005, Sangita Mohan wrote:
>- I can't find any OpenLDAP API to get server certificate information. Does that mean I have to use OpenSSL API to get server certificate information?

Yes.

>- How do I determine from OpenLDAP that my bind has failed because the signature of the server certificate does not match the signature of one of our CA certificates? Is there any return error code that would determine that?

As there is no server certificate check involved in an LDAP
bind operation, there is no API error code to indicate the
outcome of such a check.  The server certificate check is
normally done as part of the StartTLS operation.

Kurt