Greetings.
Should I be able to discover the (default) locations of SSL certificates, via the libldap
library?
This can be useful when debugging why cert checks are failing -- where is the library
checking? (am I using the library I think I am...?!) Of course dtruss and co can help
here.
ldap_get_option with LDAP_OPT_X_TLS_CACERTDIR (and friends) looks like it should say this,
but when I explore that, it appears to show only settings added with ldap_set_option, thus
only settings overriding a default. And this appears to be confirmed in
libraries/libldap/tls_o.c:tlso_ctx_init. That function hands over to SSL functions, and
while in principle I could retrieve a TLS session context with LDAP_OPT_X_TLS_{,SSL_}CTX,
there are clear warnings that I shouldn't be tinkering with this. The fact that
I'm this deep in the code suggests that either (a) this is not supported, or (b)
I'm looking in the wrong place.
I could in principle use functions from the OpenSSL library, like
X509_get_default_cert_dir_env(), but that requires me to know which SSL library the
libldap library was linked against (and that it was indeed OpenSSL), which has its own
complications. Also, if I'm confident I know that, I have other ways to confirm the
cert directory.
Best wishes,
Norman
--
Norman Gray :
https://nxg.me.uk