
Re: (ITS#7398) Retrieve LDAP server cert



>  I wrote:
>> In OpenSSL, SSL_get_peer_certificate().
>
>  ..after getting the SSL* arg with
>  ldap_get_option LDAP_OPT_X_TLS_SSL_CTX.
>  Which the manpage recommends not doing.  At least
>  don't meddle with the SSL* more than you have to.

I presume Michael's case is one of the few in which the client would pay
enough attention to details when using such an option.

Whether a case like this deserves an OpenLDAP API is questionable, since
it is not an LDAP-specific issue, but rather a general SSL wrapping issue.
OTOH, as long as clever client design often needs it, I would not object
to adding such a feature.

p.

-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano