Hi Philip, all,

thanks for the advice. I have changed the code.. and the option is set correctly. Question, do you think it is safe to do this as a fallback:

    if(ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &level) != LDAP_OPT_SUCCESS) {
        if(ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &level) != LDAP_OPT_SUCCESS) {
            /// Total Failure
        }
    }

Still.. although I set the option, I still get the -11 error when trying to bind. Is there any other option I have to set to "disable" certificate verification for non-OpenSSL crypto API?

Cheers,
Max

On 06/10/2011 05:23 PM, Philip Guenther wrote:
[..]
Howard has already pointed out that the value must be an LDAP_OPT_X_TLS_* constant and not a string; I just wanted to add that in version 2.3 and earlier, that option (and most of the other TLS options) could only be set globally: ldap_set_option() would fail for them if the first argument wasn't NULL. So, make sure you're building against a current version.

Philip Guenther

--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly