
Re: simple question



Aleksandar Karalejić wrote:
Hi OpenLDAP team,

I have a question, simple I hope, for you - I need to send client certificate
to the server openldap server (by using openldap api and openSSL).

For completing this job, first I initialized ldap with url containing ldaps in
the url scheme (ldaps://fqdn_of_ldap_server:636).

You must set all of the TLS options before contacting the remote server. In particular, you must set your certificate file and key file in advance.

I have set

LDAP_OPT_PROTOCOL_VERSION   -> LDAP_VERSION3

LDAP_OPT_X_TLS_PROTOCOL_MIN -> LDAP_OPT_X_TLS_PROTOCOL_TLS1_2

LDAP_OPT_X_TLS_REQUIRE_CERT -> LDAP_OPT_X_TLS_DEMAND

This is already the default.

LDAP_OPT_X_TLS_CONNECT_ARG  -> fqdn_of_ldap_server

This is unnecessary, the server name will be parsed from the URL.

LDAP_OPT_X_TLS_CONNECT_CB   -> my_tsl_verify_callback

and then I called ldap_sasl_bind:

ldap_sasl_bind(mLdapObj, NULL, "EXTERNAL", NULL, NULL, NULL, &msgid);

What I saw is that the certificate from the server was received, but how to send
the client certificate? I played around with LDAP_OPT_X_TLS_CERTFILE (sending the
abs path to the .pem file) but nothing. Also, I saw that this parameter was
not taken into account - it looks like the ssl_ctx object used for ssl_connect
does not include the path to the file (like two global structures used for setting
up ctx know nothing about each other.)

Can you help me with this?

Regards,

Aleksandar



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/