[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openLDAP and SSL client/server certs

On 26/07/10 15:20 -0700, Bryan Boone wrote:
Hi everyone.  I am trying to develop an ldap client that uses SSL.

I read in the documentation on the openldap website this...

You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf: TLS_CACERT /usr/local/etc/openldap/cacert.pem Does this mean that the function ldap_start_tls_s()performs mutual SSL authentication???

See chapter 16 of the OpenLDAP Administrator's Guide, specifically
TLSVerifyClient and TLS_CERT.

If I want to achieve server side authentication, does that mean I will have to use the openSSL libraries to get the server cert prior to using the ldap_start_tls_s() function???

No. I don't believe you'll need to directly call any SSL libraries to
make use of it.

Dan White