I am using the APIs from openldap and recently ran into a problem which upset me.
The following is the framework of the function.
LDAP* ld = NULL;
char * uri ="ldaps://xxx.xxx.xxx:636";
ldap_set_option(...); //using LDAP v3
ldap_set_option(...); // set LDAP_OPT_X_TLS_REQUIRE_CERT to demand
ldap_set_option(...); // set LDAP_OPT_X_TLS_CACERTDIR to /tmp/ldapsCA/
The above function is called in a while loop to authenticate users to an LDAPS server when
an authentication request comes up. This function works fine. BUT after one successful
authentication, if I delete the CA certificates of the server's certificate under
/tmp/ldapsCA/, subsequent authentications will STILL succeed. If I restart this daemon, no
authentication will succeed, because the CA certificates under /tmp/ldapsCA/ have been
Why do I delete the CA certificates under /tmp/ldapsCA/? I just want to simulate
Is the openssl library caching something??
Does anyone have any ideas about this? I would really appreciate it.