
RE: SASL/EXTERNAL (TLS)



Just a bit of clarification here - I have code that will extract the DN of
the peer certificate on a TLS session. If there is no peer certificate, it
returns NULL. I'm inserting this into ldap_pvt_tls_get_peer() in
libldap/tls.c.

The OpenSSL library routine X509_name_oneline() will return a printable
version of an X.509 name. However, this DN will be in X.500 order, as
opposed to LDAP order. Should the name that ldap_pvt_tls_get_peer() returns
be in LDAP order?

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Howard Chu
> Sent: Tuesday, August 15, 2000 1:20 AM
> To: Kurt D. Zeilenga; openldap-devel@OpenLDAP.org
> Subject: RE: SASL/EXTERNAL (TLS)
>
>
> I can take care of this, I've already done it in an older image.
>
> > -----Original Message-----
> > From: owner-openldap-devel@OpenLDAP.org
> > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
> > Sent: Monday, August 14, 2000 6:48 PM
> > To: openldap-devel@OpenLDAP.org
> > Subject: SASL/EXTERNAL (TLS)
> >
> >
> > Can someone with TLS programming experience sort out how
> > to extract the TLS negotiated authentication identity
> > for use with SASL/EXTERNAL?   Once extracted, it's one
> > SASL call on the server side to get SASL/EXTERNAL working.
> >
> > Thanks!  Kurt
> >
>
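
Added example, not part of the original message and not OpenLDAP's code: a sketch of the reordering the question is about, turning a one-line X.500-order name into an LDAP-order string DN with the escaping RFC 2253 requires. The function name `oneline_to_ldap`, the 64-RDN limit and the sample subject are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Nonzero if p points at "/type=", type being an attribute name or dotted OID. */
static int rdn_start(const char *p)
{
    const char *q = p + 1;
    if (*p != '/') return 0;
    while (isalnum((unsigned char)*q) || *q == '.') q++;
    return q > p + 1 && *q == '=';
}

/* Rewrite "/C=US/O=Example/CN=host" (X.500 order) as "CN=host,O=Example,C=US"
 * (LDAP order). A '/' separates RDNs only when "type=" follows it, so
 * "O=A/B Corp" survives; a value that itself contains "/type=" stays ambiguous.
 * Multi-valued RDNs are not handled. Returns 0, or -1 on bad input or no room. */
int oneline_to_ldap(const char *in, char *out, size_t outlen)
{
    const char *starts[64];            /* hypothetical limit on RDN count */
    size_t count = 0, o = 0;
    if (!in || !out || !rdn_start(in)) return -1;
    for (const char *p = in; *p; p++)
        if (rdn_start(p)) {
            if (count == 64) return -1;
            starts[count++] = p + 1;
        }
    for (size_t i = count; i-- > 0; ) {          /* emit the last RDN first */
        const char *p = starts[i];
        const char *end = (i + 1 < count) ? starts[i + 1] - 1 : in + strlen(in);
        int in_value = 0;
        if (i + 1 < count) { if (o + 1 >= outlen) return -1; out[o++] = ','; }
        for (; p < end; p++) {
            /* characters RFC 2253 requires escaping inside a value */
            int esc = in_value && strchr(",+\"\\<>;", *p) != NULL;
            if (o + 1 + esc >= outlen) return -1;
            if (esc) out[o++] = '\\';
            out[o++] = *p;
            if (*p == '=') in_value = 1;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[256];  /* the subject below is constructed, not from a real certificate */
    return oneline_to_ldap("/C=US/O=Example, Inc./CN=ldap.example.com", buf, sizeof buf) == 0 ? puts(buf) < 0 : 1;
}
```

Where the X509_NAME structure itself is available, iterating its entries in reverse avoids the parsing ambiguity of the one-line string.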