Re: LDAP_OPT_X_TLS_xxx option in SSL/TLS connection
On Tue, 28 Feb 2012 16:40:23 -0500, Qiang Xu <firstname.lastname@example.org> wrote:
> Today I came across a strange problem.
> I wrote a program to test LDAP SSL/TLS connections with the OpenLDAP
> library. Something like the code snippet as follows:
>
>     ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_flag);
>     ... // bind to the server
>
> The first binding is successful, as expected. However, the second
> binding is also successful, which is contrary to my expectation,
> because I haven't created any cert file yet.
Possibly the answer lies in the code you did not show:
Create an LDAP* (with which url/host?), connect, bind, unbind.
> Another observation here is that if the first binding with
> LDAP_OPT_X_TLS_NEVER is removed, and the second binding with
> LDAP_OPT_X_TLS_DEMAND set is done right from the beginning, then it
> will fail, as expected.
Do you use the same LDAP* connection for both "bindings"?
Its options are set when it is initialized.
Try to unbind and then create a new LDAP*.