[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4422) Client connecting with multiple certificates

Full_Name: Pavel Rydvan
Version: 2.3.11
OS: FreeBSD 5.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I'm using libldap library for connecting to the openldap server (slapd). I use
ssl (with certificate and host checking enabled). When creating a single
connection to the server, everything works fine (good certificate succeeds, bad
certificate is denied). 

The problem is, when I want to create two separate connections with different
client certificate provided (from a single client process). 

In case I call the ldap_set_option( ld , LDAP_OPT_X_TLS_KEYFILE, private_key)
after obtaining the ld (i.e. after calling ldap_initialize), I don't get
LDAP_OPT_SUCCESS (the return value is -1; I got nothing more if I subsequently
call ldap_get_option(*pld,LDAP_OPT_ERROR_STRING,...).

The only way I am able to set the certificates/key-file is to use the
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, privatekey), BEFORE the

However, if I want to have two separate connections with different certificates,
libldap uses only the FIRST one, although I call all the ldap_set_option(...)
again followed by another ldap_initialize... Two separate connections are even
created this way. But the first certificate is used for calling SSH_connect for
some reason...

Is there a document that describes the order in which the ldap functions are
supposed to be called?

Am I doing something wrong?

Thanks in advance, Pavel Rydvan