[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client Authentication

To: Sangita Mohan <sangitam@qualcomm.com>
Subject: Re: Client Authentication
From: Howard Chu <hyc@symas.com>
Date: Tue, 17 May 2005 19:25:32 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <6.2.3.0.2.20050517155837.054821c0@unixmail.qualcomm.com>
References: <6.2.3.0.2.20050517155837.054821c0@unixmail.qualcomm.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050516

Sangita Mohan wrote:

I am certain that several clients use OpenLDAP for authentication. I have a few questions regarding client authentication vis SSL/TLS.

In the case, if the signature of the server certificate does not match the signature of one of our CA certificates then we cannot declare that the certificate is trusted. That is when we ask the user whether or not we should trust this certificate.

- I can't find any OpenLDAP API to get server certificate information. Does that mean I have to use OpenSSL API to get server certificate information?

Yes. Use ldap_get_option with LDAP_OPT_X_TLS_SSL_CTX to get the (SSL *) session pointer from the (LDAP *) LDAP session and use that with the OpenSSL APIs.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

References:
- Client Authentication
  - From: Sangita Mohan <sangitam@qualcomm.com>

Prev by Date: Re: Client Authentication
Next by Date: Can not compile OpenLDAP 2.2.26 : ar problem
Index(es):
- Chronological
- Thread