
RE: Using TLS



Thanks Quanah.

Using OpenLDAP API, is it correct to set client TLS option to -not- validate server certificates as follows?

int opt;
opt = LDAP_OPT_X_TLS_NEVER;
rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);

Daniel

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com] 
Sent: Friday, June 23, 2017 5:13 PM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS

--On Friday, June 23, 2017 10:08 PM +0000 Daniel Le <daniel.le@exfo.com>
wrote:

> Hi Quanah,
>
> No, I'm fairly new to OpenLDAP and wasn't aware of such global context 
> requirement.
>
> Does that only apply to client TLS options?
>
> Is global option set by passing a NULL LDAP handle?
>
> I found ITS#8573 wrt your TLS patch, but the URL:
> <http://www.openldap.org/lists/openldap-devel/attachments/20170608/2ae39d03/attachment.bin>
> is not found. Can you point me to where to download or see the patch?
> Has it been integrated into 2.4.45?

Hi Daniel,

You can view it here: 
<https://github.com/quanah/openldap-scratch/commit/cff66313706c607d4df6f074255703da8d87b35a.patch>

and no, it would be part of 2.5 once submitted, although it applies just fine for me to 2.4

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>