--On Friday, June 23, 2017 10:31 PM +0000 Daniel Le <daniel.le@exfo.com> wrote:

> Thanks Quanah.
>
> Using OpenLDAP API, is it correct to set client TLS option to -not- validate server certificates as follows?
>
> int opt;
> opt = LDAP_OPT_X_TLS_NEVER;
> rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);

You still have to reinitialize the global context, as in my commit, for the filehandle. So you'd want these two lines to be following:

int new_ctx = 0;
rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);

etc.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com

Hi Quanah,

I did the following (and ensured return code was OK) but still got a connect issue "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate)". Can you tell me what else I'm missing? The client checks for server certificate even though it is configured to never do it.

int opt;
opt = LDAP_OPT_X_TLS_NEVER;
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);

-And-

int new_ctx = 0;
ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);

Daniel

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Friday, June 23, 2017 5:54 PM
To: Daniel Le <daniel.le@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS
openldap-technical@openldap.org