[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4422) Client connecting with multiple certificates

I should have noted that the library does provide limited
facilities where a program can interact directly with the
underlying TLS library.  I don't recall the specifics
and, as usual for the library, the library code is the


At 04:40 AM 3/3/2006, pr@tns.cz wrote:
>Full_Name: Pavel Rydvan
>Version: 2.3.11
>OS: FreeBSD 5.4
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>I'm using libldap library for connecting to the openldap server (slapd). I use
>ssl (with certificate and host checking enabled). When creating a single
>connection to the server, everything works fine (good certificate succeeds, bad
>certificate is denied). 
>The problem is, when I want to create two separate connections with different
>client certificate provided (from a single client process). 
>In case I call the ldap_set_option( ld , LDAP_OPT_X_TLS_KEYFILE, private_key)
>after obtaining the ld (i.e. after calling ldap_initialize), I don't get
>LDAP_OPT_SUCCESS (the return value is -1; I got nothing more if I subsequently
>call ldap_get_option(*pld,LDAP_OPT_ERROR_STRING,...).
>The only way I am able to set the certificates/key-file is to use the
>ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, privatekey), BEFORE the
>However, if I want to have two separate connections with different certificates,
>libldap uses only the FIRST one, although I call all the ldap_set_option(...)
>again followed by another ldap_initialize... Two separate connections are even
>created this way. But the first certificate is used for calling SSH_connect for
>some reason...
>Is there a document that describes the order in which the ldap functions are
>supposed to be called?
>Am I doing something wrong?
>Thanks in advance, Pavel Rydvan