Bin Lu wrote: > Support for "server cert validation", and was looking for the API(s) that > does that, like would setting LDAP_OPT_X_TLS_CACERTFILE option (and/or > combined with LDAP_OPT_X_TLS_DEMAND), etc. It would be really nice to have > a callback API to use your own validation logic (to handle some special > cases), maybe it already exists just I don't know. One option is maybe to make the connection and initialize the SSL context yourself and use ldap_init_fd(). This only works for LDAPS though. In git master there's already code to retrieve the server cert by calling ldap_get_option(LDAP_OPT_X_TLS_PEERCERT) and do whatever your want with it. I guess this won't appear in RE24. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature