It certainly looks like it's treating the certs like slapd.conf: read once and remember.
Well done on testing this - someone else asked this a while back (although less
technical).
- chris
Chris Jacobs, Systems Administrator
Apollo Group | Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
email: chris.jacobs(a)apollogrp.edu
________________________________
From: openldap-technical-bounces(a)OpenLDAP.org
<openldap-technical-bounces(a)OpenLDAP.org>
To: ctosgh <ctosgh(a)126.com>
Cc: openldap-technical(a)openldap.org <openldap-technical(a)openldap.org>
Sent: Mon Sep 20 18:17:48 2010
Subject: Re:A LDAPS related issue
Seems nobody has run into this issue??
At 2010-09-20 10:02:10, ctosgh <ctosgh(a)126.com> wrote:
Hi, folks
I am using the APIs from openldap and recently ran into a problem which upset me.
The following is the framework of the function.
    int ldaps_func()
    {
        LDAP *ld = NULL;
        char *uri = "ldaps://xxx.xxx.xxx:636";   /* host name elided in the original */
        int version = LDAP_VERSION3;
        int require = LDAP_OPT_X_TLS_DEMAND;
        LDAPMessage *res = NULL;
        /* ..... */
        /* ld is still NULL here, so these calls set the library-wide TLS defaults */
        ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);        /* using LDAP v3 */
        ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require);      /* set LDAP_OPT_X_TLS_REQUIRE_CERT to demand */
        ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, "/tmp/ldapsCA/");  /* set LDAP_OPT_X_TLS_CACERTDIR to /tmp/ldapsCA/ */
        ldap_initialize(&ld, uri);
        /* ..... */
        /* bind DN, password and search base are elided in the original; placeholders here.
           Synchronous bind: the original's asynchronous ldap_simple_bind() result was never collected. */
        ldap_simple_bind_s(ld, "PLACEHOLDER_BIND_DN", "PLACEHOLDER_PASSWORD");
        ldap_search_ext_s(ld, "PLACEHOLDER_BASE_DN", LDAP_SCOPE_SUBTREE, "(objectClass=*)",
                          NULL, 0, NULL, NULL, NULL, 0, &res);
        ldap_msgfree(res);
        /* ...... */
        ldap_unbind(ld);
        /* ..... */
        return 0;
    }
The above function is called in a while loop to authenticate users to an LDAPS server when
an authentication request comes up. This function works fine. BUT after one successful
authentication, if I delete the CA certificates of the server's certificate under
/tmp/ldapsCA/, subsequent authentications will STILL succeed. If I restart this daemon, no
authentication will succeed, because the CA certificates under /tmp/ldapsCA/ have been
deleted.
Why do I delete the CA certificates under /tmp/ldapsCA/? I just want to simulate a
"certificate change".
Is the openssl library caching something??
Does anyone have any ideas about this? I will really appreciate it.
Thanks,
Jacky
________________________________