Eric Covener wrote:
On 11/9/06, Howard Chu hyc@symas.com wrote:
covener@gmail.com wrote:
FWIW, Another SDK I'm working with exposes a once-per-process SSL initialization method, that would amount to ldap_pvt_tls_init();
A fix for this is in HEAD, please test.
Now working for me on HEAD:

    int is_server = 0;   /* 0: the new context is for outbound (client) sessions */

    /* process-wide defaults, set before any TLS context is created */
    ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/CA.pem");
    ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/cert1.pem");
    ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/cert1.key");

    /* ld1 overrides the cert/key and gets its own TLS context built from them */
    ld1 = ldap_init(h, p);
    ldap_set_option(ld1, LDAP_OPT_X_TLS_CERTFILE, "/cert2.pem");
    ldap_set_option(ld1, LDAP_OPT_X_TLS_KEYFILE, "/cert2.key");
    ldap_set_option(ld1, LDAP_OPT_X_TLS_NEWCTX, &is_server);

    /* ld2 keeps the global defaults (cert1) */
    ld2 = ldap_init(h, p);
and connections to ld1 and ld2 send the right client cert over the wire. Hope this is a reasonable API usage -- Much appreciated!
Thanks for the confirmation.
The is_server flag only needs to be set non-zero if you are going to be accepting incoming TLS sessions with that context.