openLDAP and SSL client/server certs

To: openldap-technical@openldap.org

Subject: openLDAP and SSL client/server certs

From: Bryan Boone <v_1bboon@yahoo.com>

Date: Mon, 26 Jul 2010 15:20:59 -0700 (PDT)

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1280182859; bh=DRFacZcpDhpmLfVb7wICbSTtSKcGTEQvjgnWEvUPkh4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=KvULHFyF/2gZN5exdRlSp/x1dCdDhU45zc/vKNdG4Gn+coRZ86KIUrV6i7ihHRhT+dgqLqF735ZGKKxJj6WkFKVCBmn2fjeN/95uJ69k0+swo5sZ+vbojuSq8cBDeH7uRHqgF81mp27VnR164tM+5wQjq+71Xaoi6lWRXFWIQ+M=

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=WCAxJLM6+tyFRiKvZtWHKrQRYnxCO+Q/oECO7thuGpK3Zi0g0u/yDzwUiqCnpxJg6FrJCRqtlyClYM/0pi7dfQpNGQqhmURl4e07EpPeK+Uk7nNqlF2MZmOQBM3oQS54O8ayE1Sne8N2Iwv6cxvVA3PwBE1x/L9X9sEV4CEW7dM=;

Hi everyone. I am trying to develop an ldap client that uses SSL.

I read in the documentation on the openldap website this...

You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf:

  TLS_CACERT /usr/local/etc/openldap/cacert.pem

Does this mean that the function ldap_start_tls_s()performs mutual SSL authentication???

If I want to achieve server side authentication, does that mean I will have to use the openSSL libraries to get the server cert prior to using the ldap_start_tls_s() function???