[Date Prev][Date Next]
Re: (ITS#7398) Retrieve LDAP server cert
> I wrote:
>> In OpenSSL, SSL_get_peer_certificate().
> ..after getting the SSL* arg with
> ldap_get_option LDAP_OPT_X_TLS_SSL_CTX.
> Which the manpage recommends not doing. At least
> don't meddle with the SSL* more than you have to.
I presume Michael's case is one of the few in which the client would pay
enough attention to details when using such an option.
Whether a case like this deserves an OpenLDAP API is questionable, since
it is not an LDAP-specific issue, but rather a general SSL wrapping issue.
OTOH, as long as clever client design often needs it, I would not object
to adding such feature.
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano