
Re: Client App and STARTLS auth



Hi Philip, all,

Thanks for the advice. I have changed the code, and the option is set
correctly. Question: do you think it is safe to do this as a fallback:

    if(ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &level) !=
        LDAP_OPT_SUCCESS)
    {
      if(ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &level) !=
        LDAP_OPT_SUCCESS)
      {
        /// Total Failure
      }
    }

Still, although I set the option, I still get the -11 error when
trying to bind.

Is there any other option I have to set to "disable" certificate
verification for a non-OpenSSL crypto API?

Cheers,
Max


On 06/10/2011 05:23 PM, Philip Guenther wrote:
[..]
Howard has already pointed out that the value must be an LDAP_OPT_X_TLS_*
constant and not a string; I just wanted to add that in version 2.3 and
earlier, that option (and most of the other TLS options) could only be set
globally: ldap_set_option() would fail for them if the first argument
wasn't NULL.  So, make sure you're building against a current version.


Philip Guenther


--

http://member.acm.org/~openca/

Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
