Hi Quanah,

I tried ldap_int_tls_config for RE24 in my app program as shown below and it didn't work.
Additionally, I'm curious why you use ldap_int_tls_config instead of ldap_set_option?

    lrc = ldap_int_tls_config(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, "never");
    if (lrc != LDAP_OPT_SUCCESS) {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls certificate option failed: %s\n", ldap_err2string(lrc));
        goto end;
    } else {
        bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls option %d\n", LDAP_OPT_X_TLS_NEVER);
        new_ctx = 0;
        lrc = ldap_set_option(m_tLDAP, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);
        if (lrc != LDAP_OPT_SUCCESS) {
            bxlog (TRACE_LVL, g_eldap_log_id, "LDAP set tls newctx option failed: %s\n", ldap_err2string(lrc));
            goto end;
        } else {
            bxlog (TRACE_LVL, g_eldap_log_id, "LDAP global context reinitialized\n");
        }
    }

Daniel

-----Original Message-----
From: Quanah Gibson-Mount [mailto:qua...@symas.com]
Sent: Monday, June 26, 2017 12:36 PM
To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Subject: RE: Using TLS

--On Monday, June 26, 2017 4:59 PM +0000 Daniel Le <daniel...@exfo.com> wrote:

> int opt;
> opt = LDAP_OPT_X_TLS_NEVER;
> ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt);
>
> -And-
>
> int new_ctx = 0;
> ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx);

Hi Daniel,

This case is specifically tested in my TLS test suite in test067. It works correctly, as expected. I would note that I use ldap_int_tls_config (RE24)/ldap_pvt_tls_config (2.5/master) for setting LDAP_OPT_X_TLS_REQUIRE_CERT rather than ldap_set_option.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>