
Re: (ITS#4422) Client connecting with multiple certificates

I believe the behavior you are seeing is as intended.
The current version of libldap only supports a single
client certificate.

Kurt

At 04:40 AM 3/3/2006, pr@tns.cz wrote:
>Full_Name: Pavel Rydvan
>Version: 2.3.11
>OS: FreeBSD 5.4
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (85.207.56.10)
>
>
>I'm using libldap library for connecting to the openldap server (slapd). I use
>ssl (with certificate and host checking enabled). When creating a single
>connection to the server, everything works fine (good certificate succeeds, bad
>certificate is denied). 
>
>The problem is, when I want to create two separate connections with different
>client certificate provided (from a single client process). 
>
>In case I call the ldap_set_option( ld , LDAP_OPT_X_TLS_KEYFILE, private_key)
>after obtaining the ld (i.e. after calling ldap_initialize), I don't get
>LDAP_OPT_SUCCESS (the return value is -1; I got nothing more if I subsequently
>call ldap_get_option(*pld,LDAP_OPT_ERROR_STRING,...).
>
>The only way I am able to set the certificates/key-file is to use the
>ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, privatekey), BEFORE the
>ldap_set_option. 
>
>However, if I want to have two separate connections with different certificates,
>libldap uses only the FIRST one, although I call all the ldap_set_option(...)
>again followed by another ldap_initialize... Two separate connections are even
>created this way. But the first certificate is used for calling SSH_connect for
>some reason...
>
>Is there a document that describes the order in which the ldap functions are
>supposed to be called?
>
>Am I doing something wrong?
>
>Thanks in advance, Pavel Rydvan