
Re: Hmm. No one seems to be able to answer my question about SSL connections

Dieter's correct (no surprise).

Your question only tangentially touches openldap - and only for getting the cert the openldap server happens to have been configured to use onto clients.

What you appear to be looking for might be available from openssl.

Frankly, this could be written in bash using the openssl command.  No C necessary.

You /really/ should learn up on SSL - openssl specifically.

Also: IIRC, you originally wanted the cert to simply be trusted OS wide.  For that, you need to distribute the cert's /signing CA cert/ to each OS - and they're all going to do it differently (I'm astonished this is still the case) - likely even between versions.

Good luck,
- chris

Chris Jacobs, Systems Administrator
Apollo Group  |  Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: chris.jacobs@apollogrp.edu
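What "bash plus the openssl command" looks like for the use case in the quoted question, as an added example that is not code from this thread or from the OpenLDAP project. It assumes the server is reached as host/port on the command line, that `/etc/ssl/certs` is the intended store, that `openssl` is installed, and that an optional `EXPECTED_FPR` variable carries a SHA-256 fingerprint obtained from the LDAP admin out of band; it treats the last certificate the server sends as the candidate trust anchor and refuses to install anything that is not self-signed.

```shell
#!/bin/sh
# Added example, not code from the thread. Hostname, port, destination directory
# and the EXPECTED_FPR variable are assumptions of this script.
set -eu

# Split "openssl s_client -showcerts" output (stdin) into $1/cert1.pem,
# $1/cert2.pem, ... in the order the server sent them; print how many were found.
split_chain() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert" n ".pem" }
    f != ""                      { print > f }
    /-----END CERTIFICATE-----/  { close(f); f = "" }
    END                          { print n + 0 }'
}

# Fetch the chain an LDAPS server presents. The last certificate is the highest
# issuer the server chose to send; the root itself is only there if slapd was
# configured to send it, so a missing root must be obtained out of band.
fetch_chain() {   # host port outdir
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null \
    | split_chain "$3"
}
# Subject or issuer DN of one PEM file, with the "subject="/"issuer=" prefix stripped.
field() { openssl x509 -in "$2" -noout "-$1" | sed 's/^[a-z]*=//'; }

main() {
  host=$1; port=${2:-636}; dest=${3:-/etc/ssl/certs}
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  n=$(fetch_chain "$host" "$port" "$tmp")
  [ "$n" -gt 0 ] || { echo "no certificate received from $host:$port" >&2; exit 1; }
  ca="$tmp/cert$n.pem"
  # Only a self-signed cert (subject == issuer) can be a trust anchor; a server
  # or intermediate cert must not be dropped into /etc/ssl/certs as one.
  [ "$(field subject "$ca")" = "$(field issuer "$ca")" ] \
    || { echo "server did not send its root CA; fetch cacert.pem out of band" >&2; exit 1; }
  fpr=$(openssl x509 -in "$ca" -noout -fingerprint -sha256 | sed 's/^.*=//')
  echo "subject: $(field subject "$ca")"; echo "sha256:  $fpr"
  if [ -n "${EXPECTED_FPR:-}" ]; then
    # Non-interactive: accept only if it matches the fingerprint obtained out of band.
    [ "$fpr" = "$EXPECTED_FPR" ] || { echo "fingerprint mismatch; not installing" >&2; exit 1; }
  else
    printf 'Does this fingerprint match the one published by the LDAP admin? [y/N] '
    read -r ans
    case $ans in y|Y) ;; *) echo "rejected; connection not trusted"; exit 1;; esac
  fi
  install -m 0644 "$ca" "$dest/ldap-$host-ca.pem"
  echo "stored $dest/ldap-$host-ca.pem"
}
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Run as `sh fetch-ldap-ca.sh ldap.example.com 636`, or with `EXPECTED_FPR=AB:CD:...` set to skip the prompt; on systems that keep a hashed `/etc/ssl/certs`, the distribution's own CA update tool still has to be run afterwards.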

----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Thu Jul 29 23:38:24 2010
Subject: Re: Hmm. No one seems to be able to answer my question about SSL connections

Bryan Boone <v_1bboon@yahoo.com> writes:

> So I will try once more.
> I have successfully setup an openldap server using TLS.
> I generated self sign certs using http://www.openldap.org/faq/data/cache/185.html
> I have successfully setup a client computer on a different computer than the
> server.
> I copied the cacert.pem to my client computer
> I can successfully run ldapsearch with the -ZZ option on the client PC.
> Now I want to write a client program in C that I can put on any PC, that will
> automatically download cacert.pem from the openldap server, and prompt a user
> to accept or reject the cacert.pem.  If they accept it, I want to store the
> cert in the /etc/ssl/certs directory.  If they do not accept the cert, I want
> to stop the connection.  How do I accomplish this?  I don't see any openldap
> functions that help me do this.

This task is not ldap related. You may either use scp or rsync. If you
want to create your own C program, have a look at libcurl(3).


Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
