[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: way to validate server certificate

To: Bin Lu <blu@paloaltonetworks.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: way to validate server certificate
From: Howard Chu <hyc@symas.com>
Date: Sat, 20 Sep 2014 04:09:33 +0100
In-reply-to: <841A051D8BD4144AA7B5AC63D97F9F05179413CF@sjccmbxpw01p.paloaltonetworks.local>
References: <841A051D8BD4144AA7B5AC63D97F9F05179413CF@sjccmbxpw01p.paloaltonetworks.local>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 SeaMonkey/2.27a1

Bin Lu wrote:

Hi,

Does openldap provide APIs to do server certificate validation? Can I retrieve
the server cert from LDAP connection and do the validation myself or by
passing the trusted CA list openldap will do it (in this case, how the
hostname matching with the subject DN is performed)?

OpenLDAP libldap does server certificate validation according to RFC2830 and4513. It would be a mistake to duplicate that functionality and do thevalidation yourself.


Thanks a lot in advance,

-blu



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- RE: way to validate server certificate
  - From: Bin Lu <blu@paloaltonetworks.com>
- RE: way to validate server certificate
  - From: Bin Lu <blu@paloaltonetworks.com>

References:
- way to validate server certificate
  - From: Bin Lu <blu@paloaltonetworks.com>

Prev by Date: way to validate server certificate
Next by Date: Hi, I need help regarding customize schema regarding OpenLDAD 2.4.39 configuration.
Index(es):
- Chronological
- Thread