Hello,
I'm trying to write a simple LDAP program that uses TLS for communication and am running into problems with the server certificate verification.
Using strace I noticed that the ldapsearch command is able to find the appropriate CA certificate for the server I'm connecting to in my /etc/ssl/certs directory even if the TLS_CACERT setting in ldap.conf points to a different certificate. In my program, however, I receive error 91, which is a Connect error.
Setting TLS_CACERT to the server's CA certificate allows the connection to go through, but that is not feasible as I need to connect to servers with different CAs.
I tried looking through ldapsearch.c to find the secret sauce to get this to work, but was not successful. Can someone point me in the right direction?
Thanks a lot! -berto.