[Date Prev][Date Next] [Chronological] [Thread] [Top]

extracting X509 certificate from LDAP connection with openldap public API

To: openldap-software@openldap.org
Subject: extracting X509 certificate from LDAP connection with openldap public API
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Tue, 02 Dec 2008 23:06:26 +0100
User-agent: Thunderbird 2.0.0.18 (X11/20081120)

Hello list.

I'm trying to extend nagios check_ldap plugin to also check LDAP certificate expiration. Equivalent code in check_http work directly at socket level, and is not directly transposable, as check_ldap works at higher level, relying on openldap libraries to manage its connection.

The code manipulates an opaque LDAP *ld connection handle. I had a quick look at openldap code, in libraries/libldap/tls.c, to see how this handle could be used to access the x509 certificate:

LDAPConn *conn = NULL;
Sockbuf *sb = NULL;
SSL *ssl = NULL;
X509 *certificate = NULL;

conn = ld->ld_defconn;
sb = conn->lconn_sb;
ssl = ldap_pvt_tls_sb_ctx(sb);
certificate = tls_get_cert(ssl);

However, all those types are defined in libraries/libldap/ldap-int.h header, meaning those are for internal use only. I had a quick look at IETF LDAP C draft found in openldap sources, but I couldn't find anything related to the topic. So, what's the proper way for doing this ? -- Guillaume Rousse Moyens Informatiques - INRIA Futurs Tel: 01 69 35 69 62

Follow-Ups:
- Re: extracting X509 certificate from LDAP connection with openldap public API
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>

Prev by Date: Re: bdb_search: 112 does not match filter
Next by Date: Re: extracting X509 certificate from LDAP connection with openldap public API
Index(es):
- Chronological
- Thread