I wrote: > In OpenSSL, SSL_get_peer_certificate(). ..after getting the SSL* arg with ldap_get_option LDAP_OPT_X_TLS_SSL_CTX. Which the manpage recommends not doing. At least don't meddle with the SSL* more than you have to. Hallvard