Thanks Quanah.
Using OpenLDAP API, is it correct to set client TLS option to -not- validate server certificates as follows?
    int opt;
    opt = LDAP_OPT_X_TLS_NEVER;
    rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
Daniel
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Friday, June 23, 2017 5:13 PM
To: Daniel Le daniel.le@exfo.com; 'openldap-technical@openldap.org' openldap-technical@openldap.org
Subject: RE: Using TLS
--On Friday, June 23, 2017 10:08 PM +0000 Daniel Le daniel.le@exfo.com wrote:
Hi Quanah,
No, I'm fairly new to OpenLDAP and wasn't aware of such global context requirement.
Does that only apply to client TLS options?
Is global option set by passing a NULL LDAP handle?
I found ITS#8573 wrt your TLS patch, but the URL: <http://www.openldap.org/lists/openldap-devel/attachments/20170608/2ae39d03/attachment.bin> is not found. Can you point me to where to download or see the patch? Has it been integrated into 2.4.45?
Hi Daniel,
You can view it here: https://github.com/quanah/openldap-scratch/commit/cff66313706c607d4df6f074255703da8d87b35a.patch
and no, it would be part of 2.5 once submitted, although it applies just fine for me to 2.4
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com