Re: ldap_set_option

At 05:51 PM 5/11/2005, Howard Chu wrote:
> Sangita Mohan wrote:
>
>> I am working on authentication via SSL. I am using the ldap_set_option to set the path to the certificate file. I am able to successfully authenticate when using the
>>
>> int rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "C:\\Cert.cer");
>>
>> I also noticed the option LDAP_OPT_X_TLS_CACERTDIR. However it fails when used by itself. I am having to set a dummy LDAP_OPT_X_TLS_CACERTFILE before setting LDAP_OPT_X_TLS_CACERTDIR. Is this correct?
>
> Just use the CACERTFILE. See the ldap.conf(5) manpage for information on the CACERTDIR. For most sites it is useless.

Thanks for the quick response. I understand that if the server certificate is already trusted, I can set the path to the certificate file. I am looking at the scenario of a server certificate that is not trusted, but the user would like to add the certificate to the list of trusted certificates and proceed with the LDAP query. I don't see any API to get the actual certificate information to add it to my list of trusted certificates and proceed. I see the option TLS_REQCERT that would allow me to proceed with the query if the certificate is not trusted. However, is there any API that would allow me to see the certificate information to make sure it is trusted and add it to my trusted database?

Thanks for your time.