
Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL



On Tue, 19 Jun 2007, Markus Moeller wrote:
Thank you very much for the detailed answer. If I remember right the return code from ldap_start_tls was -11 which translates to "can't connect to server" and wasn't very specific if it was a missing cert or if I connected to an SSL only port (e.g. 636) but I will confirm.

You can usually get more info about an error using

    char *errmsg = NULL;
    ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg);

If errmsg is not NULL after that, then it's additional text about the error. That wouldn't have helped with your ldap_start_tls_s() cert checking issues however, as the cert checking routine doesn't set that for errors involving CA checking. It *might* have given more info when you tried to use start_tls when the server was expecting ldaps.


Philip Guenther
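
An added example, not part of the original message and not libldap code: it goes one step beyond the ldap_get_option() call above and classifies the first bytes a server sends back after a StartTLS request, which is where an ldaps-only port and a StartTLS-capable port differ on the wire. The function names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
enum reply_kind { REPLY_CLOSED, REPLY_LDAP_SUCCESS, REPLY_LDAP_REFUSED,
                  REPLY_TLS_RECORD, REPLY_UNKNOWN };

/* Read a BER length at b[*i] (short or long form); 0 if malformed/truncated. */
static int ber_len(const unsigned char *b, size_t n, size_t *i, size_t *len)
{
    if (*i >= n) return 0;
    unsigned char c = b[(*i)++];
    if (!(c & 0x80)) { *len = c; return 1; }
    unsigned k = c & 0x7f;
    if (k == 0 || k > 4 || k > n - *i) return 0;
    for (*len = 0; k > 0; k--) *len = (*len << 8) | b[(*i)++];
    return 1;
}

/* Classify the first bytes a server sends after a StartTLS request. */
enum reply_kind classify_starttls_reply(const unsigned char *b, size_t n)
{
    size_t i = 0, len;
    if (n == 0) return REPLY_CLOSED;  /* ambiguous: a TLS-only port may just hang up */
    /* TLS record header: type 21 (alert) or 22 (handshake), major version 3. */
    if (n >= 3 && (b[0] == 0x15 || b[0] == 0x16) && b[1] == 0x03)
        return REPLY_TLS_RECORD;      /* port expects ldaps, not StartTLS */
    /* LDAPMessage: SEQUENCE { INTEGER messageID, [APPLICATION 24] { resultCode.. } } */
    if (b[i++] != 0x30 || !ber_len(b, n, &i, &len)) return REPLY_UNKNOWN;
    if (i >= n || b[i++] != 0x02 || !ber_len(b, n, &i, &len) || len >= n - i)
        return REPLY_UNKNOWN;
    i += len;                         /* skip messageID */
    if (i >= n || b[i++] != 0x78 || !ber_len(b, n, &i, &len)) return REPLY_UNKNOWN;
    if (i >= n || b[i++] != 0x0a || !ber_len(b, n, &i, &len) || len != 1 || i >= n)
        return REPLY_UNKNOWN;
    return b[i] == 0 ? REPLY_LDAP_SUCCESS : REPLY_LDAP_REFUSED;
}

/* Constructed sample replies, not captured traffic. */
static const unsigned char ok_short[] = { 0x30,0x0c, 0x02,0x01,0x01, 0x78,0x07,
    0x0a,0x01,0x00, 0x04,0x00, 0x04,0x00 };
static const unsigned char ok_long[] = { 0x30,0x84,0x00,0x00,0x00,0x10, 0x02,0x01,0x01,
    0x78,0x84,0x00,0x00,0x00,0x07, 0x0a,0x01,0x00, 0x04,0x00, 0x04,0x00 };
static const unsigned char tls_alert[] = { 0x15,0x03,0x03, 0x00,0x02, 0x02,0x0a };
int main(void)
{
    printf("ok_short=%d ok_long=%d tls_alert=%d\n",
           classify_starttls_reply(ok_short, sizeof ok_short),
           classify_starttls_reply(ok_long, sizeof ok_long),
           classify_starttls_reply(tls_alert, sizeof tls_alert));
}
```
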