[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Getting SSL/TSL to work

To: Dick Davies <rasputnik@hellooperator.net>
Subject: Re: Getting SSL/TSL to work
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Sun, 13 Mar 2005 23:53:25 +0100
Cc: OpenLDAP Discussion List <openldap-software@OpenLDAP.org>
In-reply-to: <20050313085747.GC654@eris.tenfour>
References: <4231092A.4040308@pupeno.com> <hbf.20050312f15q@bombur.uio.no> <200503121451.22484.pupeno@pupeno.com> <hbf.20050312dt42@bombur.uio.no> <20050313085747.GC654@eris.tenfour>

Dick Davies writes:
>* Hallvard B Furuseth <h.b.furuseth@usit.uio.no> [0349 18:49]:
>> Well, you can turn off client-side server certificate validation, but...
>
> Incidentally, is there a way to disable server certificate checking in
> the OpenLDAP client libraries?

See 'TLS_REQCERT <level>' in 'man ldap.conf',
or ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
   &(int with value LDAP_OPT_X_TLS_<NEVER, ALLOW or TRY>)).

> We have some misconfigured ldap servers at work and had to resort to
> hacking the tls code from 2.1 into 2.2....

The above options existed - undocumented - even in OpenLDAP 2.0.0.
Hm.  LDAP_OPT_X_TLS_REQUIRE_CERT is still undocumented.

-- 
Hallvard

Follow-Ups:
- Re: Getting SSL/TSL to work
  - From: Dick Davies <rasputnik@hellooperator.net>

References:
- Getting SSL/TSL to work
  - From: Pupeno <pupeno@pupeno.com>
- Re: Getting SSL/TSL to work
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Getting SSL/TSL to work
  - From: Pupeno <pupeno@pupeno.com>
- Re: Getting SSL/TSL to work
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Getting SSL/TSL to work
  - From: Dick Davies <rasputnik@hellooperator.net>

Prev by Date: Re: ldapdb troubleshooting
Next by Date: Re: Getting SSL/TSL to work
Index(es):
- Chronological
- Thread