ldap_start_tls_s and automatic CA certificate searching
Hello,
I'm trying to write a simple LDAP program that uses TLS for
communication and am running into problems with the server certificate
verification.
Using strace I noticed that the ldapsearch command is able to find the
appropriate CA certificate for the server I'm connecting to in my
/etc/ssl/certs directory even if the TLS_CACERT setting in ldap.conf
points to a different certificate. In my program, however, I receive
error 91, which is a Connect error.
Setting TLS_CACERT to the server's CA certificate allows the
connection to go through, but that is not feasible as I need to
connect to servers with different CAs.
I tried looking through ldapsearch.c to find the secret sauce to get
this to work, but was not successful. Can someone point me in the
right direction?
Thanks a lot!
-berto.