Re: Getting SSL/TSL to work
Dick Davies writes:
>* Hallvard B Furuseth <email@example.com> [0349 18:49]:
>> Well, you can turn off client-side server certificate validation, but...
> Incidentally, is there a way to disable server certificate checking in
> the OpenLDAP client libraries?
See 'TLS_REQCERT <level>' in 'man ldap.conf',
or ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
&(int with value LDAP_OPT_X_TLS_<NEVER, ALLOW or TRY>)).
> We have some misconfigured ldap servers at work and had to resort to
> hacking the tls code from 2.1 into 2.2....
The above options existed - undocumented - even in OpenLDAP 2.0.0.
Hm. LDAP_OPT_X_TLS_REQUIRE_CERT is still undocumented.
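
Added example, not part of the original post: because TLS_REQCERT can quietly relax server certificate checking, this sketch audits ldap.conf-style text for levels weaker than the default "demand", using the level names from ldap.conf(5). The function name `audit_ldap_conf`, the sample file, and the rule that a later line overrides an earlier one are assumptions made for the illustration.

```python
# Levels as described in ldap.conf(5); "demand" and "hard" are equivalent
# and are the default when the option is absent.
WEAK = {
    "never": "server certificate is not requested or checked",
    "allow": "a bad or missing certificate is ignored",
    "try": "a missing certificate is accepted",
}
STRICT = {"demand", "hard"}

# Constructed sample input, not taken from the original post.
SAMPLE = """\
# constructed sample
URI ldaps://ldap.example.org
BASE dc=example,dc=org
TLS_CACERT /etc/ssl/certs/ca.pem
tls_reqcert never
"""

def audit_ldap_conf(text, source="ldap.conf"):
    """Return (effective_level, findings) for one ldap.conf-style file."""
    effective = "demand"                      # default when never set
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        parts = line.split(None, 1)
        if parts[0].upper() != "TLS_REQCERT":  # option names are case-insensitive
            continue
        level = parts[1].strip().lower() if len(parts) > 1 else ""
        if level in WEAK:
            findings.append(f"{source}:{lineno}: TLS_REQCERT {level}: {WEAK[level]}")
        elif level not in STRICT:
            findings.append(f"{source}:{lineno}: TLS_REQCERT {level!r}: unrecognised level")
            continue                          # do not treat garbage as a setting
        effective = level                     # assumption: last occurrence wins
    return effective, findings

if __name__ == "__main__":
    level, findings = audit_ldap_conf(SAMPLE)
    print("effective TLS_REQCERT:", level)
    for finding in findings:
        print(finding)
```

The same review applies to a per-user ldaprc file and to the LDAPTLS_REQCERT environment variable, which can also set this option.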