[Date Prev][Date Next] [Chronological] [Thread] [Top]

Unable to connect via TLS



Hi,

I am trying to connect to my University's LDAP server
via TLS with a simple C program.  However, each time I
try to run it, I get the following error messages:

ldap_start_tls_s: Connect error (91)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
ldap_simple_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed

I suspect I get these messages because my program does
not believe the cerificat it recieves form the server
is valid.  I there a way to get around this
certificate ant tell my program to connect anyway?

Here is my code:

// begin tlstest.c
#include <stdio.h>
#include <ldap.h>

int main()
{
    LDAP *ldapStruct;
    int ldap_vers = LDAP_VERSION3; 
    int ldap_tls = LDAP_OPT_X_TLS_ALLOW;

    ldapStruct = ldap_init("ldap.usherbrooke.ca",
LDAP_PORT);

   
if(ldap_set_option(ldapStruct,LDAP_OPT_PROTOCOL_VERSION,&ldap_vers)
!= LDAP_SUCCESS)
    {
	ldap_perror( ldapStruct, "ldap_set_option" );
    }

    if(ldap_start_tls_s(ldapStruct,NULL,NULL) !=
LDAP_SUCCESS)
    {
	ldap_perror( ldapStruct, "ldap_start_tls_s" );
    }

    if ( ldap_simple_bind_s( ldapStruct, "ou=lanj1703,
dc=USherbrooke, dc=ca", "12testing" ) != LDAP_SUCCESS
)
    {
	ldap_perror( ldapStruct, "ldap_simple_bind_s" );
    }
    return (0);

}
// end of tlstest.c

I compile it with :

gcc -lldap tlstest.c -o tlstest

Thanks!


		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail