Aaron Richton wrote:You're talking about implementing a wrapper around Windows' schannel DLL which
> On Fri, 2 Aug 2013, pramod kulkarni wrote:
>> Hi,I need information on how to configure OpenLDAP server in the slapd.conf
>> to look for certificates from windows certificate store?
>> Currently i am using certificates from file in a path.
>> Waiting for your inputs.
> In libraries/libldap you'll find
> tls_g.c tls_m.c tls_o.c
> which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that the
> Right Thing would be to make a new file here, that utilizes the Windows crypto
> APIs (therefore accessing the Windows certificate stores).
in turn uses CAPI key stores.
Another also rather hypothetical approach:
I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI
keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c).
It would be a lot of work to get that going - something for adventurers with
lots of spare time. ;-}