
Re: How to fetch ca server certificate from LDAP server using library call



Digambar Sawant writes:
> Is there any way to fetch the CA certificate from LDAP server using OpenLDAP
> C SDK?  (...)
> On client side, how do I get the ca certificate? I don't want to copy it
> manually by doing scp/http.

If you get it from the server, someone can hijack the connection and
give you their own certificate instead of your server's.  That defeats
the entire point of having a server certificate: to verify that the
machine you connected to actually is the one you wanted to reach.

But if you insist, check out your TLS/SSL implementation's
documentation.  I OpenLDAP leaves it to do CA cert handling.

-- 
Hallvard