extracting X509 certificate from LDAP connection with openldap public API
Hello list.

I'm trying to extend the nagios check_ldap plugin to also check LDAP
certificate expiration. Equivalent code in check_http works directly at
socket level, and is not directly transposable, as check_ldap works at
a higher level, relying on openldap libraries to manage its connection.

The code manipulates an opaque LDAP *ld connection handle. I had a quick
look at openldap code, in libraries/libldap/tls.c, to see how this
handle could be used to access the x509 certificate:

    LDAPConn *conn = NULL;
    Sockbuf *sb = NULL;
    SSL *ssl = NULL;
    X509 *certificate = NULL;

    conn = ld->ld_defconn;
    sb = conn->lconn_sb;
    ssl = ldap_pvt_tls_sb_ctx(sb);
    certificate = tls_get_cert(ssl);

However, all those types are defined in the libraries/libldap/ldap-int.h
header, meaning those are for internal use only. I had a quick look at
the IETF LDAP C draft found in openldap sources, but I couldn't find
anything related to the topic. So, what's the proper way of doing this?

--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62