[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7398) Retrieve LDAP server cert

 michael@stroeder.com wrote:
>Kurt Zeilenga wrote:
>> Why not just get it from TLS?

 That does require an #ifdef <which TLS implementation> mess in
 the client.  libldap already has that.

> What exactly do you mean?

 In OpenSSL, SSL_get_peer_certificate().

 I note that it might also or instead make sense to ask for the
 cert chain - OpenSSL SSL_get_peer_cert_chain().  Which quickly
 dives into how many other TLS session attributes it would make
 sense to kindly provide an LDAP API interface to...