On Tue, 2 Dec 2008, Guillaume Rousse wrote:
The code manipulates an opaque LDAP *ld connection handle. I had a quick look at openldap code, in libraries/libldap/tls.c, to see how this handle could be used to access the x509 certificate:
LDAPConn *conn = NULL; Sockbuf *sb = NULL; SSL *ssl = NULL; X509 *certificate = NULL;
conn = ld->ld_defconn; sb = conn->lconn_sb; ssl = ldap_pvt_tls_sb_ctx(sb); certificate = tls_get_cert(ssl);
However, all those types are defined in libraries/libldap/ldap-int.h header, meaning those are for internal use only. I had a quick look at IETF LDAP C draft found in openldap sources, but I couldn't find anything related to the topic. So, what's the proper way for doing this ?
ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
Philip Guenther