Aaron Richton wrote: > On Fri, 2 Aug 2013, pramod kulkarni wrote: > >> Hi,I need information on how to configure OpenLDAP server in the slapd.conf >> to look for certificates from windows certificate store? >> Currently i am using certificates from file in a path. >> >> Waiting for your inputs. > > In libraries/libldap you'll find > > tls_g.c tls_m.c tls_o.c > > which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that the > Right Thing would be to make a new file here, that utilizes the Windows crypto > APIs (therefore accessing the Windows certificate stores). You're talking about implementing a wrapper around Windows' schannel DLL which in turn uses CAPI key stores. Another also rather hypothetical approach: I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c). It would be a lot of work to get that going - something for adventurers with lots of spare time. ;-} Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature