
Re: A LDAPS related issue



Seems nobody has run into this issue?

 

At 2010-09-20 10:02:10,ctosgh <ctosgh@126.com> wrote:
Hi, folks
 
I am using the APIs from OpenLDAP and recently ran into a problem which upset me. The following is the framework of the function.
ldaps_func()
{
   LDAP* ld = NULL;
   char * uri = "ldaps://xxx.xxx.xxx:636";
   int version = LDAP_VERSION3;
   int reqcert = LDAP_OPT_X_TLS_DEMAND;
   .....
   ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);       // using LDAP v3
   ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);     // set LDAP_OPT_X_TLS_REQUIRE_CERT to demand
   ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, "/tmp/ldapsCA/"); // set LDAP_OPT_X_TLS_CACERTDIR to /tmp/ldapsCA/
   ldap_initialize(&ld, uri);
   .....
   ldap_simple_bind(.....);
   ldap_search_ext(...);
   ......
   ldap_unbind(ld);
   .....
   return 0;
}
The above function is called in a while loop to authenticate users against an LDAPS server whenever an authentication request comes up. This function works fine. BUT after one successful authentication, if I delete the CA certificates for the server's certificate under /tmp/ldapsCA/, subsequent authentications will STILL succeed. If I restart this daemon, no authentication will succeed, because the CA certificates under /tmp/ldapsCA/ have been deleted.
Why do I delete the CA certificates under /tmp/ldapsCA/? I just want to simulate a "certificate change".
Is the OpenSSL library caching something?
 
Does anyone have any ideas about this? I would really appreciate it.
 
Thanks,
Jacky


