--On Monday, June 26, 2017 4:59 PM +0000 Daniel Le daniel.le@exfo.com wrote:
int opt;
opt = LDAP_OPT_X_TLS_NEVER;
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
-And-
int new_ctx = 0;
ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
Hi Daniel,
This case is specifically tested in my TLS test suite in test067. It works correctly, as expected. I would note that I use ldap_int_tls_config (RE24)/ldap_pvt_tls_config (2.5/master) for setting LDAP_OPT_X_TLS_REQUIRE_CERT rather than ldap_set_option.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Hi Quanah,
I tried ldap_int_tls_config for RE24 in my app program as shown below and it didn't work.
Additionally, I'm curious why you use ldap_int_tls_config instead of ldap_set_option?
/* Set the certificate-check policy on the global options (NULL handle). */
lrc = ldap_int_tls_config(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, "never");
if (lrc != LDAP_OPT_SUCCESS) {
    bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls certificate option failed: %s\n", ldap_err2string(lrc));
    goto end;
} else {
    bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls option %d\n", LDAP_OPT_X_TLS_NEVER);
    /* Ask libldap to create a new TLS context for this handle (0 = client context). */
    new_ctx = 0;
    lrc = ldap_set_option(m_tLDAP, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
    if (lrc != LDAP_OPT_SUCCESS) {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls newctx option failed: %s\n", ldap_err2string(lrc));
        goto end;
    } else {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP global context reinitialized\n");
    }
}
Daniel
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com]
Sent: Monday, June 26, 2017 12:36 PM
To: Daniel Le daniel.le@exfo.com; 'openldap-technical@openldap.org' openldap-technical@openldap.org
Subject: RE: Using TLS