Re: (ITS#7398) Retrieve LDAP server cert
> I wrote:
>> In OpenSSL, SSL_get_peer_certificate().
>
> ..after getting the SSL* arg with
> ldap_get_option LDAP_OPT_X_TLS_SSL_CTX.
> Which the manpage recommends not doing. At least
> don't meddle with the SSL* more than you have to.
I presume Michael's case is one of the few in which the client would pay
enough attention to details when using such an option.
Whether a case like this deserves an OpenLDAP API is questionable, since
it is not an LDAP-specific issue, but rather a general SSL wrapping issue.
OTOH, as long as clever client design often needs it, I would not object
to adding such a feature.
p.
--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano