
(ITS#7843) ldap_set_option on LDAP not working



Full_Name: Kory Prince
Version: 2.4.39
OS: Linux (Arch/Ubuntu)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (71.49.164.94)


Consider the following code:

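/* ldap_simple_bind_s() is only declared when LDAP_DEPRECATED is set. */
#define LDAP_DEPRECATED 1
#include <stdio.h>
#include <ldap.h>

int main(void) {
    LDAP *ld;
    int status = ldap_initialize(&ld, "ldaps://server:636");
    if (status != LDAP_SUCCESS) {
        /* Without a valid handle the bind below cannot be attempted. */
        printf("%s\n", ldap_err2string(status));
        return 1;
    }
    printf("initialize success\n");

    /* A NULL handle sets the CA certificate file as a global option. */
    status = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
                             "/etc/ssl/certs/ca-certificates.crt");
    status = ldap_simple_bind_s(ld, "bindDN", "pass");
    if (status == LDAP_SUCCESS) {
        printf("bind success\n");
    }
    else {
        printf("%s\n", ldap_err2string(status));
    }
    return 0;
}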

This works as expected. However, changing the set_option line to

status = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE,
                         "/etc/ssl/certs/ca-certificates.crt");

(setting the option on the LDAP) causes the bind to fail. 

Using python-ldap gives me a bit more info:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate)

I have compiled libldap 2.4.39 on Arch and Ubuntu and am getting the same
result.

Interestingly enough, the version that comes packaged on Ubuntu 12.04 (2.4.28)
works fine, but compiling that version myself gives the same error.