
ldap_start_tls_s and automatic CA certificate searching
Hello,

I'm trying to write a simple LDAP program that uses TLS for
communication and am running into problems with the server certificate
verification.

Using strace I noticed that the ldapsearch command is able to find the
appropriate CA certificate for the server I'm connecting to in my
/etc/ssl/certs directory even if the TLS_CACERT setting in ldap.conf
points to a different certificate.  In my program, however, I receive
error 91, which is a Connect error.

Setting TLS_CACERT to the server's CA certificate allows the
connection to go through, but that is not feasible as I need to
connect to servers with different CAs.

I tried looking through ldapsearch.c to find the secret sauce to get
this to work, but was not successful.  Can someone point me in the
right direction?

Thanks a lot!
-berto.