Re: OpenLDAP server should use windows certificate store for certificates

Aaron Richton wrote:
> On Fri, 2 Aug 2013, pramod kulkarni wrote:
>> Hi, I need information on how to configure OpenLDAP server in the slapd.conf
>> to look for certificates from the Windows certificate store?
>> Currently I am using certificates from a file in a path.
>> Waiting for your inputs.
> In libraries/libldap you'll find
> tls_g.c  tls_m.c  tls_o.c
> which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that the
> Right Thing would be to make a new file here, that utilizes the Windows crypto
> APIs (therefore accessing the Windows certificate stores).

You're talking about implementing a wrapper around Windows' schannel DLL which
in turn uses CAPI key stores.

Another also rather hypothetical approach:
I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI
keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c).
It would be a lot of work to get that going - something for adventurers with
lots of spare time. ;-}

Ciao, Michael.

