
Need help in understanding server certificate verification by the client

Hi,
    I have my CA cert in a dir and I am setting the CACERTDIR option in the OpenLDAP global options.

ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, <my dir path>)

After that, I started the TLS connection using 'ldap_start_tls_s', followed by 'ldap_bind_s'. This worked fine.

What I did not understand is that, even after removing the CA cert from that directory, ldap bind succeeds. Does it mean that certificate verification is not done the second time by SSL_connect?

I have just started on OpenLDAP and have gone through the code in version 2.4 and openssl-fips-1.2, and searched Google, Stack Overflow, etc.

Can anyone please help me with some information or pointers on this?
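As an added example (not part of the post above, and not OpenLDAP's own code): a small shell helper that checks a CACERTDIR is laid out the way libldap/OpenSSL's directory lookup expects, and then runs a StartTLS probe with ldapsearch that refuses to proceed unless the server chain verifies. The host name and directory path are assumptions passed as arguments.

```shell
#!/bin/sh
# Added example: check a CACERTDIR layout, then probe a server with verified
# StartTLS. Host and directory are caller-supplied assumptions.

# OpenSSL only finds a CA in a directory through a file or symlink named
# <subject_hash>.N (what c_rehash creates); an unhashed copy of ca.pem in
# the directory is silently ignored. Returns 0 if every .pem/.crt in $1 has
# such an entry, 1 otherwise. Older OpenSSL (0.9.8) used a different hash;
# on OpenSSL 1.0+ `-subject_hash_old` prints that value.
cacertdir_ok() {
    dir=$1; rc=0
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        hash=$(openssl x509 -noout -subject_hash -in "$cert") || return 1
        if ! ls "$dir"/"$hash".[0-9]* >/dev/null 2>&1; then
            echo "no ${hash}.N entry for $cert (run: c_rehash $dir)" >&2
            rc=1
        fi
    done
    return $rc
}

# Probe host $1 using CA directory $2. -ZZ makes ldapsearch fail if StartTLS
# fails; LDAPTLS_REQCERT=demand makes a chain-verification failure abort the
# connection instead of being ignored. Both variables are read by libldap
# (see ldap.conf(5)). Exit status is ldapsearch's.
tls_verify_probe() {
    LDAPTLS_CACERTDIR=$2 LDAPTLS_REQCERT=demand \
        ldapsearch -ZZ -x -H "ldap://$1" -s base -b '' 1.1
}
```

Run `cacertdir_ok /path/to/cacerts && tls_verify_probe ldap.example.com /path/to/cacerts`; removing the hashed entry and re-running the probe shows whether the verification setting is actually enforced on a fresh connection.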