
Re: Unable to connect via TLS

I think the problem is that your program cannot locate the CA certificate for the server's certificate.


 putenv( strdup("LDAPTLS_CACERT=PathToCACert"));

before the init statement (where PathToCACert is the path to the certificate)

Have you successfully connected using TLS with the ldap tools?


On Jul 6, 2004, at 11:19 AM, jdeni ji wrote:


I am trying to write a simple C program that can
connect to my university's LDAP server.  However, each
time I try to connect, I get the following error

ldap_start_tls_s: Connect error (91)
        additional info: error:14090086:SSL
verify failed
ldap_simple_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
verify failed

It would seem as if ldap_start_tls_s is unable to
recognise a certificate that is sent by the server.
Is there any way of ignoring the certificate?

Here is my code:

// begin tlstest.c
#include <stdio.h>
#include <ldap.h>

int main()
{
    LDAP *ldapStruct;
    int ldap_vers = LDAP_VERSION3;
    int ldap_tls = LDAP_OPT_X_TLS_ALLOW;

    /* The port argument is cut off in the archived message; LDAP_PORT
       (the default LDAP port) is assumed here. */
    ldapStruct = ldap_init("ldap.usherbrooke.ca", LDAP_PORT);

    if (ldap_set_option(ldapStruct, LDAP_OPT_PROTOCOL_VERSION, &ldap_vers) != LDAP_SUCCESS) {
        ldap_perror( ldapStruct, "ldap_set_option" );
    }

    if (ldap_start_tls_s(ldapStruct, NULL, NULL) != LDAP_SUCCESS)
        ldap_perror( ldapStruct, "ldap_start_tls_s" );

    if ( ldap_simple_bind_s( ldapStruct, "ou=lanj1703, dc=USherbrooke, dc=ca", "12testing" ) != LDAP_SUCCESS )
        ldap_perror( ldapStruct, "ldap_simple_bind_s" );
    return (0);
}

// end of tlstest.c

I compile it using :

gcc -lldap tlstest.c -o tlstest


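
Added example, not part of either message: a pre-flight check that can run before the putenv suggested in the reply, so that a wrong PathToCACert is reported up front instead of surfacing later as a verify failure from ldap_start_tls_s. The function names and status codes are hypothetical, and the check assumes a PEM-format CA file: it looks for complete certificate blocks and does not validate the certificate contents.

```c
/* Added example (not from the thread): check the CA file, then export LDAPTLS_CACERT. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum ca_status { CA_OK, CA_UNSET, CA_UNREADABLE, CA_NOT_PEM, CA_ENV_FAILED };

/* Demo/test helper: write constructed sample text to a file. */
int write_text(const char *path, const char *text) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(text, fp);
    return fclose(fp);
}

/* Count complete PEM certificate blocks; -1 if the file cannot be opened. */
int count_pem_certs(const char *path) {
    char line[256];
    int in_cert = 0, count = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return -1;
    while (fgets(line, sizeof line, fp) != NULL) {
        if (strncmp(line, "-----BEGIN CERTIFICATE-----", 27) == 0) {
            in_cert = 1;
        } else if (in_cert && strncmp(line, "-----END CERTIFICATE-----", 25) == 0) {
            in_cert = 0;
            count++;
        }
    }
    fclose(fp);
    return count;
}

/* Export LDAPTLS_CACERT only if the file holds at least one certificate. */
enum ca_status use_ca_file(const char *path) {
    if (path == NULL || *path == '\0') return CA_UNSET;
    int n = count_pem_certs(path);
    if (n < 0) return CA_UNREADABLE;
    if (n == 0) return CA_NOT_PEM;
    return setenv("LDAPTLS_CACERT", path, 1) == 0 ? CA_OK : CA_ENV_FAILED;
}

int main(int argc, char **argv) {
    enum ca_status st = use_ca_file(argc > 1 ? argv[1] : NULL);
    fprintf(stderr, "CA file check status: %d\n", (int)st);
    return st == CA_OK ? 0 : 1; /* 0: safe to go on to the init and StartTLS calls */
}
```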