
Re: Client App and STARTLS auth



On 06/10/2011 02:11 PM, Massimiliano Pala wrote:
Hi Rich,

that's not really what I wanted. I am developing my own LDAP client
and I wanted to know what is the code path to set the option.

I tried to use the following:

ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, "never")

but it always fails ( != 0).
man ldap_set_option

LDAP_OPT_X_TLS_REQUIRE_CERT
Sets/gets the peer certificate checking strategy, one of LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND, LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.

int reqcert = LDAP_OPT_X_TLS_NEVER;
...
rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

Also, I would like to know if there's a possibility to set a callback
for the verification of the certificates.
Not that I know of. The problem here is - what would be passed to this callback? A certificate? In which format?

Cheers,
Max


On 06/10/2011 03:05 PM, Rich Megginson wrote:
[...]
TLS_REQCERT <level>
never, allow, try