Hi all,
I have a few questions on the proper usage of the LDAP_OPT_X_TLS_REQUIRE_CERT option.
When LDAP_OPT_X_TLS_REQUIRE_CERT is set to LDAP_OPT_X_TLS_ALLOW on the LDAP handle after ldap_initialize, it was not working. It failed with a certificate verify error. But according to the ldap.conf man page, setting the LDAP_OPT_X_TLS_ALLOW option should not verify the server certificate.
After googling around, I found that LDAP_OPT_X_TLS_ALLOW should be set on the global handle. Then I got rid of the certificate verify error.
But I faced a new problem: changing LDAP_OPT_X_TLS_ALLOW to LDAP_OPT_X_TLS_TRY in the same process doesn't verify the certificate. When I kill the process and restart it, it verifies the certificate properly.
Somehow I managed to solve the problem by clearing the context using LDAP_OPT_X_TLS_NEWCTX:

    /* NULL handle: set the global default */
    int tls = LDAP_OPT_X_TLS_ALLOW;
    ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls);
    /* 0 = create a client-side TLS context */
    int j = 0;
    ldap_set_option(NULL, LDAP_OPT_X_TLS_NEWCTX, &j);

But when I try to set LDAP_OPT_X_TLS_REQUIRE_CERT after clearing the context, it is not working.
Can someone explain the correct usage of the LDAP_OPT_X_TLS_REQUIRE_CERT option?
Regards,
Thiyagu