On Tuesday 21 September 2010 03:17:48 ctosgh wrote:
Seems nobody has run into this issue??
At 2010-09-20 10:02:10, ctosgh <ctosgh(a)126.com> wrote:
I am using the APIs from OpenLDAP and recently ran into a problem
which upset me. Following is the framework of the function.
LDAP* ld = NULL;
char * uri = "ldaps://xxx.xxx.xxx:636";
int version = LDAP_VERSION3;
int require_cert = LDAP_OPT_X_TLS_DEMAND;
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);          // using LDAP v3 (ld is still NULL here, so these set the library-wide defaults)
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert);   // set LDAP_OPT_X_TLS_REQUIRE_CERT to demand
ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, "/tmp/ldapsCA/");    // set LDAP_OPT_X_TLS_CACERTDIR to /tmp/ldapsCA/
really want the TLS context recreated with each iteration, I
think you can just call:
ldap_set_option( NULL, LDAP_OPT_X_TLS_NEWCTX, LDAP_OPT_ON);
after the above calls.
The above function is called in a while loop to authenticate users to an
LDAPS server when an authentication request comes up. This function
works fine. BUT after one successful authentication, if I delete the CA
certificates of the server's certificate under /tmp/ldapsCA/, subsequent
authentications will STILL succeed. If I restart this daemon, no
authentication will succeed, because the CA certificates under
/tmp/ldapsCA/ have been deleted. Why do I delete the CA certificates under
/tmp/ldapsCA/? I just want to simulate a "certificate change". Is the
openssl library caching something??
Anyone have any ideas about this? I will really appreciate it.