Re: Getting SSL/TSL to work
* Hallvard B Furuseth <h.b.furuseth@usit.uio.no> [0353 22:53]:
> Dick Davies writes:
> >* Hallvard B Furuseth <h.b.furuseth@usit.uio.no> [0349 18:49]:
> >> Well, you can turn off client-side server certificate validation, but...
> >
> > Incidentally, is there a way to disable server certificate checking in
> > the OpenLDAP client libraries?
>
> See 'TLS_REQCERT <level>' in 'man ldap.conf',
> or ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
> &(int with value LDAP_OPT_X_TLS_<NEVER, ALLOW or TRY>)).
>
> > We have some misconfigured ldap servers at work and had to resort to
> > hacking the tls code from 2.1 into 2.2....
>
> The above options existed - undocumented - even in OpenLDAP 2.0.0.
> Hm. LDAP_OPT_X_TLS_REQUIRE_CERT is still undocumented.
Yeah, a ldap_set_option(3) manpage is long overdue. I usually resort to
trawling through ldap.h for likely-looking suspects :)
Thanks for the tip, that should work great for most of my needs.
--
'You were doing well until everyone died'
-- God
Rasputin :: Jack of All Trades - Master of Nuns
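
The TLS_REQCERT setting discussed in this thread is worth auditing, since a level below demand leaves the client accepting unverified servers. The following is an added example, not code from the thread or from OpenLDAP: it reports the effective level for one ldap.conf. The function name, the sample file, and the rules that the last TLS_REQCERT line wins and that an LDAPTLS_REQCERT environment variable overrides the file are assumptions of this sketch.

```python
# Levels per ldap.conf(5). Only demand/hard reject a missing or invalid certificate.
WEAK = {
    "never": "server certificate is never requested or checked",
    "allow": "missing or invalid certificate is ignored",
    "try": "missing certificate is accepted (an invalid one is rejected)",
}
STRICT = {"demand", "hard"}  # equivalent keywords; demand is the default

SAMPLE = """\
# Constructed sample, not from the thread
URI ldaps://ldap.example.org
TLS_CACERT /etc/ssl/certs/ca.pem
tls_reqcert demand
TLS_REQCERT never
"""


def audit_reqcert(conf_text, env=None):
    """Return (effective_level, findings) for one ldap.conf plus environment."""
    findings = []
    effective, source = "demand", "library default"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].upper() != "TLS_REQCERT":  # option names are case-insensitive
            continue
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if value not in WEAK and value not in STRICT:
            findings.append(f"line {lineno}: unrecognised level {value!r}")
            continue
        effective, source = value, f"line {lineno}"  # assumption: last one wins
    override = (env or {}).get("LDAPTLS_REQCERT", "").strip().lower()
    if override in WEAK or override in STRICT:
        effective, source = override, "LDAPTLS_REQCERT"  # assumption: env overrides file
    if effective in WEAK:
        findings.append(f"{source}: TLS_REQCERT {effective}: {WEAK[effective]}")
    return effective, findings


if __name__ == "__main__":
    print(audit_reqcert(SAMPLE))
```
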