Hi,
I've got some code that uses ldap_start_tls_s() and the server requires client-side certificates. If I set them in the environment, e.g.,
# export LDAPTLS_CERT="/etc/openldap/some.crt"
# export LDAPTLS_KEY="/etc/openldap/some.key"
Then everything works fine. However, if I use:
const char* tls_cert="/etc/openldap/some.crt";
const char* tls_key="/etc/openldap/some.key"; ldap_set_option( ld, LDAP_OPT_X_TLS_CERTFILE, tls_cert ); ldap_set_option( ld, LDAP_OPT_X_TLS_KEYFILE, tls_key );
Then it doesn't work. What am I doing wrong? Should it be "&tls_cert" and "&tls_key"?
I did do an ldap_get_option() using both methods to verify and I get the value that I'm expecting either way.
Thanks,
OK, I discovered that I have to use NULL for those LDAP* on those two options and then it works as expected.
So, couple questions:
1. Are all of the TLS and SASL global options? (i.e., need ld=NULL) 2. Does it say somewhere which options are global or not? (the man page does not)
Thanks, Frank
On Tue, Apr 5, 2016 at 5:41 PM, Frank Crow fjcrow2008@gmail.com wrote:
Hi,
I've got some code that uses ldap_start_tls_s() and the server requires client-side certificates. If I set them in the environment, e.g.,
# export LDAPTLS_CERT="/etc/openldap/some.crt"
# export LDAPTLS_KEY="/etc/openldap/some.key"
Then everything works fine. However, if I use:
const char* tls_cert="/etc/openldap/some.crt";
const char* tls_key="/etc/openldap/some.key"; ldap_set_option( ld, LDAP_OPT_X_TLS_CERTFILE, tls_cert ); ldap_set_option( ld, LDAP_OPT_X_TLS_KEYFILE, tls_key );
Then it doesn't work. What am I doing wrong? Should it be "&tls_cert" and "&tls_key"?
I did do an ldap_get_option() using both methods to verify and I get the value that I'm expecting either way.
Thanks,
Frank
openldap-technical@openldap.org
-
Frank Crow