Need help in understanding server certificate verification by the client
- To: email@example.com
- Subject: Need help in understanding server certificate verification by the client
- From: SOMA SEKHAR <firstname.lastname@example.org>
- Date: Tue, 5 Aug 2014 18:10:55 +0530
I have my CA cert in a directory and I am setting the CACERTDIR option in the OpenLDAP global options:
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, <my dir path>).
After that, I started the TLS connection using 'ldap_start_tls_s', followed by 'ldap_bind_s'. This worked fine.
What I did not understand is that, even after removing the CA cert from that directory, the LDAP bind succeeds. Does it mean that certificate verification is not done the second time by SSL_connect?
I have just started on OpenLDAP and have gone through the code in version 2.4 and openssl-fips-1.2, and searched Google, Stack Overflow, etc.
Can anyone please help me with some information or pointers on this?