[Date Prev][Date Next]
Re: (ITS#7398) Retrieve LDAP server cert
>Kurt Zeilenga wrote:
>> Why not just get it from TLS?
That does require an #ifdef <which TLS implementation> mess in
the client. libldap already has that.
> What exactly do you mean?
In OpenSSL, SSL_get_peer_certificate().
I note that it might also or instead make sense to ask for the
cert chain - OpenSSL SSL_get_peer_cert_chain(). Which quickly
dives into how many other TLS session attributes it would make
sense to kindly provide an LDAP API interface to...