Thanks for the quick response. As far as I know, LDAP_OPT_X_TLS_CTX will set the SSL_CTX pointer. I tried to set this option to NULL before I did a start tls for the second time. I observed a process crash at this time.

From what you are saying, I understood that SSL_CTX had context from which the ca cert is verified for the second time. Please correct me if I am wrong.

> > I'm having trouble verifying the correct behavior of my software. Here
> > are the steps I am performing to verify correct operation:
> >    1. I have sample code that uses the openldap library and does a start tls
> >    to an ldap server.
> >    2. I have set the global option for ca cert directory and tls context
> >    for the first time.
> >    3. After that I did ldap init and ldap start tls to a server. This is
> >    successful as expected.
> >    4. I did an ldap_unbind_s.
> >    5. I deleted the CA cert that signed the ldap server's certificate
> >    from the ca cert directory of the client.
> >    6. Again did ldap_init and ldap_start_tls_s.
> >    7. I expected this call to fail, as I have removed the ca cert. But
> >    what I observe is that the server sends the certificate but start_tls is
> >    returning success.

If you feel this behavior is not described from the ldap_tls(3) and
ldap_get_option(3) manpages, then you should file an ITS asking that those
manpages be clarified.

As is, the only documented sure way to completely reset the SSL state is
to restart the process.

> > ldap_set_option(NULL, LDAP_OPT_X_TLS_CTX, NULL);

You used this option here, but not later?  If you don't know what this
option does, why did you call it?
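
Added example, not part of the original thread and not OpenLDAP code: one way to apply the "restart the process" advice to the seven-step test above is to run each check in a forked child, so no TLS state built by one attempt is visible to the next. `starttls_check` and `run_isolated` are hypothetical names; `starttls_check` only models a context cached on first use (a single CA file path stands in for the CA directory), and in a real test it would be the function that calls ldap_init and ldap_start_tls_s.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for "ldap_init + ldap_start_tls_s": trust material is
 * loaded on first use and kept in process-global state, modelling the cached
 * TLS context discussed in the thread. Returns 0 when the peer is accepted. */
static int cached_trust = -1;               /* -1 = nothing loaded yet */

int starttls_check(const char *ca_path)
{
    if (cached_trust < 0)
        cached_trust = (access(ca_path, R_OK) == 0);
    return cached_trust ? 0 : 1;
}

/* Run check(arg) in a child process so any state it builds dies with the
 * child. Returns 0 (accepted), 1 (rejected) or -1 (fork/wait error or child
 * killed). The parent must not have run the check itself beforehand,
 * because the child starts as a copy of the parent's memory. */
int run_isolated(int (*check)(const char *), const char *arg)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(check(arg) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <ca-file>\n", argv[0]);
        return 2;
    }
    int rc = run_isolated(starttls_check, argv[1]);
    printf("isolated check: %s\n", rc == 0 ? "accepted" : "not accepted");
    return rc == 0 ? 0 : 1;
}
```

Calling `starttls_check` directly in the test driver before forking reproduces the stale result from step 7, since the child inherits the already-populated state.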