[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: windows client TLS connection failed
- To: openldap-software@OpenLDAP.org
- Subject: Re: windows client TLS connection failed
- From: Lara Adianto <m1r4cle_26@yahoo.com>
- Date: Mon, 13 Dec 2004 17:42:18 -0800 (PST)
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=e+QUI4JOn23WgQl1DDQMxpnJbHwQ6ri+KtnuILsJz+xqjBoxjXA4afXe7uiuryCdE0mJq32xYhxziI4+6Nx/46KmE0ATUi7shXgahiCd+AKg2rQ3DSj4SOw0vqFjT0ZzHqSzAbiFwxFYJNA1LBwgEns51hmpHfBkhph3+MDFBsc= ;
- In-reply-to: <41BD7E1E.3000001@symas.com>
I see...but if I'm using pem file, I will not be able to install the CA cert in in windows machine right ? So, the windows client will not be able to recognize / trust the CA cert...
Anybody has written ldap client for windows before ? How to make the TLS/SSL work ?
Howard Chu <hyc@symas.com> wrote:
Lara Adianto wrote:
> Hi,
>
> I'm writing a simple ldap client for windows. I have compiled the
> necessary openldap library (libldap and liblber) with TLS/SSL using
> MSVC++ to be used by the windows client. The server is an openldap
> server installed in linux. Without TLS/SSL, the client can connect
> successfully to the server, but adding TLS (ldap_start_tls_ssl), it
> failed with error code 91:
> ldap_start_tls_s: 91, connect error.
>
>
> I installed the ca.der of the server in the windows client, and set it
> with:
>
> rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cacert);
>
> in my code. The cacert contains the location of the ca.der and the
> certificate is valid.
The OpenLDAP library does not use DER files, only PEM files.
--
--
Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
------------------------------------------------------------------------------------
La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -
------------------------------------------------------------------------------------
Do you Yahoo!?
Send holiday email and support a worthy cause. Do good.