Re: (ITS#4422) Client connecting with multiple certificates
I should have noted that the library does provide limited
facilities where a program can interact directly with the
underlying TLS library. I don't recall the specifics
and, as usual for the library, the library code is the
At 04:40 AM 3/3/2006, firstname.lastname@example.org wrote:
>Full_Name: Pavel Rydvan
>OS: FreeBSD 5.4
>Submission from: (NULL) (188.8.131.52)
>I'm using the libldap library for connecting to the OpenLDAP server (slapd). I use
>SSL (with certificate and host checking enabled). When creating a single
>connection to the server, everything works fine (good certificate succeeds, bad
>certificate is denied).
>The problem is when I want to create two separate connections with different
>client certificates provided (from a single client process).
>In case I call the ldap_set_option( ld , LDAP_OPT_X_TLS_KEYFILE, private_key)
>after obtaining the ld (i.e. after calling ldap_initialize), I don't get
>LDAP_OPT_SUCCESS (the return value is -1; I got nothing more if I subsequently
>The only way I am able to set the certificates/key-file is to use the
>ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, privatekey), BEFORE the
>However, if I want to have two separate connections with different certificates,
>libldap uses only the FIRST one, although I call all the ldap_set_option(...)
>again followed by another ldap_initialize... Two separate connections are even
>created this way. But the first certificate is used for calling SSH_connect for
>Is there a document that describes the order in which the ldap functions are
>supposed to be called?
>Am I doing something wrong?
>Thanks in advance, Pavel Rydvan