Hi Team,

We are migrating our source code to use the OpenLDAP client libraries instead of the nsldap libraries. We have the below query for the OpenLDAP team. Please share your thoughts on the availability of this feature in the OpenLDAP library.


nsldap has the below feature for validating TLS connections.

Please refer to the NSS certutil tool, in particular the section "Options and Arguments":
https://www-archive.mozilla.org/projects/security/pki/nss/tools/certutil


-t trustargs

      Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database.

      There are three available trust categories for each certificate, expressed in this order: "SSL, email, object signing". In each category position use zero or more of the following attribute codes:

      p    Valid peer
      P    Trusted peer (implies p)
      c    Valid CA
      T    Trusted CA to issue client certificates (implies c)
      C    Trusted CA to issue server certificates (SSL only) (implies c)
      u    Certificate can be used for authentication or signing
      w    Send warning (use with other attributes to include a warning when the certificate is used in that context)

      The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:

      -t "TCu,Cu,Tuw"

      Use the -L option to see a list of the current certificates and trust attributes in a certificate database.


Our query: Does OpenLDAP provide trustargs support to verify a TLS connection? Please share details on this.


Thanks in advance.

--
Thanks,
c.venugopal
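
An added example, not part of the original message and not NSS or OpenLDAP code: a small parser for the trustargs string format quoted above, useful when auditing which trust each NSS database entry carried before a migration. The function names are hypothetical, and the code table and "implies" rules are taken only from the quoted certutil text.

```python
# Added example: parse a certutil "-t trustargs" string as described in the quoted text.
CATEGORIES = ("SSL", "email", "object signing")  # positional order from the quoted text

CODES = {
    "p": "Valid peer",
    "P": "Trusted peer",
    "c": "Valid CA",
    "T": "Trusted CA to issue client certificates",
    "C": "Trusted CA to issue server certificates",
    "u": "Certificate can be used for authentication or signing",
    "w": "Send warning",
}
IMPLIES = {"P": "p", "T": "c", "C": "c"}  # "implies" notes from the quoted text


def parse_trustargs(trustargs):
    """Return {category: set of codes}, with implied codes expanded."""
    fields = trustargs.split(",")
    if len(fields) != len(CATEGORIES):
        raise ValueError("expected 3 comma-separated categories, got %d" % len(fields))
    trust = {}
    for category, field in zip(CATEGORIES, fields):
        codes = set()
        for code in field:  # zero or more codes per category
            if code not in CODES:
                raise ValueError("unknown code %r in %s category" % (code, category))
            codes.add(code)
            if code in IMPLIES:
                codes.add(IMPLIES[code])
        trust[category] = codes
    return trust


def describe(trustargs):
    """Human-readable lines, one per category, codes in the table's order."""
    trust = parse_trustargs(trustargs)
    lines = []
    for category in CATEGORIES:
        names = [CODES[c] for c in CODES if c in trust[category]]
        lines.append("%s: %s" % (category, "; ".join(names) or "(no attributes)"))
    return lines


if __name__ == "__main__":
    for line in describe("TCu,Cu,Tuw"):  # the example string from the quoted text
        print(line)
```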