Re: Client App and STARTLS auth
- To: Massimiliano Pala <pala@isis.poly.edu>
- Subject: Re: Client App and STARTLS auth
- From: Rich Megginson <rich.megginson@gmail.com>
- Date: Fri, 10 Jun 2011 14:38:23 -0600
- Cc: openldap-technical@openldap.org
- In-reply-to: <4DF27A59.90401@isis.poly.edu>
- References: <4DF260A9.9020401@isis.poly.edu> <4DF26AE9.1050407@gmail.com> <4DF27A59.90401@isis.poly.edu>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110419 Red Hat/3.1.10-1.el6_0 Lightning/1.0b2pre Thunderbird/3.1.10
On 06/10/2011 02:11 PM, Massimiliano Pala wrote:
> Hi Rich,
>
> that's not really what I wanted.. I am developing my own ldap client
> and I wanted to know what is the code path to set the option.
> I tried to use the following:
>
>     ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, "never")
>
> but it always fails ( != 0).

man ldap_set_option

    LDAP_OPT_X_TLS_REQUIRE_CERT
        Sets/gets the peer certificate checking strategy, one of
        LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_HARD, LDAP_OPT_X_TLS_DEMAND,
        LDAP_OPT_X_TLS_ALLOW, LDAP_OPT_X_TLS_TRY.

    int reqcert = LDAP_OPT_X_TLS_NEVER;
    ...
    rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

> Also, I would like to know if there's a possibility to set a callback
> for the verify of the certificates.

Not that I know of. The problem here is - what would be passed to this
callback? A certificate? In which format?

> Cheers,
> Max
>
> On 06/10/2011 03:05 PM, Rich Megginson wrote:
>> [...]
>> TLS_REQCERT <level>
>> never, allow, try
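
The failure and the fix discussed in this message, as an added example that is not part of the original e-mail or of OpenLDAP's code. `demo_set_option` is a constructed stand-in for `ldap_set_option()` so the block builds without libldap; `reqcert_from_keyword`, `set_reqcert` and `get_level` are hypothetical helpers, and the `demand` and `hard` keywords are assumed from ldap.conf(5).

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Values as in OpenLDAP's <ldap.h>, repeated so this builds without the
 * library; a real client includes <ldap.h> and calls ldap_set_option(). */
#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
#define LDAP_OPT_X_TLS_NEVER  0
#define LDAP_OPT_X_TLS_HARD   1
#define LDAP_OPT_X_TLS_DEMAND 2
#define LDAP_OPT_X_TLS_ALLOW  3
#define LDAP_OPT_X_TLS_TRY    4

static int current_level = LDAP_OPT_X_TLS_DEMAND;
int get_level(void) { return current_level; }

/* Constructed stand-in for ldap_set_option(): invalue is read as an int
 * and only the five constants from the man page are accepted. */
int demo_set_option(void *ld, int option, const void *invalue)
{
    int v;
    (void)ld;
    if (option != LDAP_OPT_X_TLS_REQUIRE_CERT || invalue == NULL) return -1;
    memcpy(&v, invalue, sizeof v);   /* the bytes of "never" are not 0..4 */
    if (v < LDAP_OPT_X_TLS_NEVER || v > LDAP_OPT_X_TLS_TRY) return -1;
    current_level = v;
    return 0;
}

/* Hypothetical helper: ldap.conf TLS_REQCERT keyword -> constant, -1 if unknown. */
int reqcert_from_keyword(const char *kw)
{
    static const struct { const char *name; int level; } map[] = {
        { "never", LDAP_OPT_X_TLS_NEVER }, { "allow", LDAP_OPT_X_TLS_ALLOW },
        { "try", LDAP_OPT_X_TLS_TRY }, { "demand", LDAP_OPT_X_TLS_DEMAND },
        { "hard", LDAP_OPT_X_TLS_HARD },
    };
    for (size_t i = 0; kw && i < sizeof map / sizeof map[0]; i++)
        if (strcasecmp(kw, map[i].name) == 0) return map[i].level;
    return -1;
}

/* Hypothetical helper: translate the keyword, then pass a pointer to the int. */
int set_reqcert(void *ld, const char *kw)
{
    int level = reqcert_from_keyword(kw);
    if (level < 0) return -1;  /* unknown keyword: leave the setting alone */
    return demo_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &level);
}
```

Rejecting unknown keywords keeps a typo in a configuration value from silently changing the certificate checking level.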