[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Using TLS
Hi Quanah,
I did the following (and ensured return code was OK) but still got connect issue "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate)". Can you tell me what else I'm missing? The client checks for server certificate even though it is configured to never do it.
int opt;
opt = LDAP_OPT_X_TLS_NEVER;
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
-And-
int new_ctx = 0;
ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
Daniel
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Friday, June 23, 2017 5:54 PM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS
--On Friday, June 23, 2017 10:31 PM +0000 Daniel Le <daniel.le@exfo.com>
wrote:
> Thanks Quanah.
>
> Using OpenLDAP API, is it correct to set client TLS option to -not-
> validate server certificates as follows?
>
> int opt;
> opt = LDAP_OPT_X_TLS_NEVER;
> rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
You still have to reinitialize the global context, as in my commit, for the filehandle. So you'd want these two lines to be following:
int new_ctx = 0;
rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx)
etc.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>