[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_start_tls_s and automatic CA certificate searching

To: openldap-software@openldap.org
Subject: ldap_start_tls_s and automatic CA certificate searching
From: "Roberto Aguilar" <bertosmailbox@gmail.com>
Date: Fri, 22 Jun 2007 03:02:09 -0700
Content-disposition: inline

Hello,

I'm trying to write a simple LDAP program that uses TLS for
communication and am running into problems with the server certificate
verification.

Using strace I noticed that the ldapsearch command is able to find the
appropriate CA certificate for the server I'm connecting to in my
/etc/ssl/certs directory even if the TLS_CACERT setting in ldap.conf
points to a different certificate.  In my program, however, I receive
error 91, which is a Connect error.

Setting TLS_CACERT to the server's CA certificate allows the
connection to go through, but that is not feasible as I need to
connect to servers with different CAs.

I tried looking through ldapsearch.c to find the secret sauce to get
this to work, but was not successful.  Can someone point me in the
right direction.

Thanks a lot!
-berto.

Follow-Ups:
- Re: ldap_start_tls_s and automatic CA certificate searching
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: configure can't find tls
Next by Date: regarding backsql performance
Index(es):
- Chronological
- Thread