Bin Lu wrote:
Support for "server cert validation", and was looking for the API(s) that do that, like would setting LDAP_OPT_X_TLS_CACERTFILE option (and/or combined with LDAP_OPT_X_TLS_DEMAND), etc. It would be really nice to have a callback API to use your own validation logic (to handle some special cases); maybe it already exists, I just don't know.
One option is maybe to make the connection and initialize the SSL context yourself and use ldap_init_fd(). This only works for LDAPS though.
In git master there's already code to retrieve the server cert by calling ldap_get_option(LDAP_OPT_X_TLS_PEERCERT) and do whatever you want with it. I guess this won't appear in RE24.
Ciao, Michael.