Aaron Richton wrote:
On Fri, 2 Aug 2013, pramod kulkarni wrote:
Hi,I need information on how to configure OpenLDAP server in the
slapd.conf
to look for certificates from windows certificate store?
Currently i am using certificates from file in a path.
Waiting for your inputs.
In libraries/libldap you'll find
tls_g.c tls_m.c tls_o.c
which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that
the
Right Thing would be to make a new file here, that utilizes the Windows
crypto
APIs (therefore accessing the Windows certificate stores).
You're talking about implementing a wrapper around Windows' schannel DLL
which
in turn uses CAPI key stores.
Another also rather hypothetical approach:
I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI
keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c).
It would be a lot of work to get that going - something for adventurers
with
lots of spare time. ;-}
Ciao, Michael.