Hi,
I have my CA cert in a directory and I am setting the CACERTDIR option in
the OpenLDAP global options:
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, <my dir path>).
After that, I started the TLS connection using 'ldap_start_tls_s',
followed by 'ldap_bind_s'. This worked fine.
What I did not understand is that, even after removing the CA cert from
that directory, ldap bind succeeds. Does it mean that certificate
verification is not done for the second time by SSL_connect?
I have just started on OpenLDAP and gone through the code in version 2.4
and openssl-fips-1.2, searched in Google, Stack Overflow, etc.
Can anyone please help me with some information or pointers on this?
--
Thanks & Regards,
SomaSekhar.