Re: LDAP_OPT_X_TLS_xxx option in SSL/TLS connection
On Tue, 28 Feb 2012 16:40:23 -0500, Qiang Xu <qixu@lexmark.com> wrote:
> Hello All,
>
> Today I came across a strange problem.
>
> I wrote a program to test ldap ssl/tls connection with OpenLDAP
> library. Something like the code snippet as follows:
> (...)
> ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_flag);
> ... // bind to the server
>
> The first binding is successful, as expected. However, the second
> binding is also successful, which is contrary to my expectation,
> because I didn't create any cert file yet.

Possibly the answer lies in the code you did not show:
Create an LDAP* (with which url/host?), connect, bind, unbind.

> Another observation here is that if the first binding with
> LDAP_OPT_X_TLS_NEVER is removed, and the second binding with
> LDAP_OPT_X_TLS_DEMAND set is done right from the beginning, then it
> will fail, as expected.

Do you use the same LDAP* connection for both "bindings"?
Its options are set when it is initialized.
Try to unbind and then create a new LDAP*.
--
Hallvard