
Re: Unable to connect via TLS



I think the problem is that your program cannot locate the CA certificate for the server's certificate.

Add

 putenv( strdup("LDAPTLS_CACERT=PathToCACert"));

before the init statement (where PathToCACert is the path to the certificate).

Have you successfully connected using TLS with the ldap tools?

-Patrick


On Jul 6, 2004, at 11:19 AM, jdeni ji wrote:

Hi,

I am trying to write a simple C program that can
connect to my university's LDAP server.  However, each
time I try to connect, I get the following error
messages:

ldap_start_tls_s: Connect error (91)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_simple_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

It would seem as if ldap_start_tls_s is unable to
recognise a certificate that is sent by the server.
Is there any way of ignoring the certificate?

Here is my code:

// begin tlstest.c
#include <stdio.h>
#include <ldap.h>

int main()
{
    LDAP *ldapStruct;
    int ldap_vers = LDAP_VERSION3;
    int ldap_tls = LDAP_OPT_X_TLS_ALLOW;   /* declared but never used */

    ldapStruct = ldap_init("ldap.usherbrooke.ca", LDAP_PORT);

    /* StartTLS requires LDAPv3 */
    if (ldap_set_option(ldapStruct, LDAP_OPT_PROTOCOL_VERSION, &ldap_vers) != LDAP_SUCCESS)
    {
        ldap_perror( ldapStruct, "ldap_set_option" );
    }

    /* Upgrade the connection to TLS; the server certificate is verified here */
    if (ldap_start_tls_s(ldapStruct, NULL, NULL) != LDAP_SUCCESS)
    {
        ldap_perror( ldapStruct, "ldap_start_tls_s" );
    }

    /* The bind is still attempted if StartTLS failed above */
    if ( ldap_simple_bind_s( ldapStruct, "ou=lanj1703, dc=USherbrooke, dc=ca", "12testing" ) != LDAP_SUCCESS )
    {
        ldap_perror( ldapStruct, "ldap_simple_bind_s" );
    }
    return (0);

}
// end of tlstest.c

I compile it using :

gcc -lldap tlstest.c -o tlstest

Thanks!


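A pre-flight check for the CA file named in LDAPTLS_CACERT, as an added example that is not part of the original thread: it reports a wrong path or a non-PEM file before libldap is initialised, so certificate verification stays enabled and a misconfigured trust anchor is diagnosed directly. The helper names, status codes and sample files are assumptions made for illustration, and the CA file is assumed to be PEM-encoded.

```c
#define _POSIX_C_SOURCE 200809L   /* fileno(), setenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

enum ca_status { CA_OK = 0, CA_ERR_OPEN = -1, CA_ERR_NOT_FILE = -2,
                 CA_ERR_NOT_PEM = -3, CA_ERR_ENV = -4 };

/* Hypothetical helper (not an OpenLDAP API): check that `path` is a readable
 * regular file carrying a PEM certificate marker, then export it as
 * LDAPTLS_CACERT. Call it before the first libldap call. It checks the
 * marker only; it does not parse or validate the certificate itself. */
enum ca_status use_ca_cert(const char *path)
{
    struct stat st;
    char line[256];
    int found = 0;
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return CA_ERR_OPEN;                 /* wrong path or no read access */
    if (fstat(fileno(f), &st) != 0 || !S_ISREG(st.st_mode)) {
        fclose(f);
        return CA_ERR_NOT_FILE;             /* e.g. a directory */
    }
    while (!found && fgets(line, sizeof line, f) != NULL)
        found = strstr(line, "-----BEGIN CERTIFICATE-----") != NULL;
    fclose(f);
    if (!found)
        return CA_ERR_NOT_PEM;              /* DER-encoded or unrelated file */
    return setenv("LDAPTLS_CACERT", path, 1) == 0 ? CA_OK : CA_ERR_ENV;
}

/* Writes a constructed sample file so the example runs offline. */
int write_sample(const char *path, const char *body)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs(body, f);
    return fclose(f);
}

int main(void)
{
    /* Constructed placeholder content, not a real certificate. */
    write_sample("/tmp/sample-ca.pem", "-----BEGIN CERTIFICATE-----\nAAAA\n"
                                       "-----END CERTIFICATE-----\n");
    printf("sample:  %d\n", use_ca_cert("/tmp/sample-ca.pem"));
    printf("missing: %d\n", use_ca_cert("/tmp/no-such-dir/ca.pem"));
    return remove("/tmp/sample-ca.pem");
}
```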