i didn't get the attachment correctly,...
can you repost it or send it to me directly
[EMAIL PROTECTED]

William M. Perry wrote:

> Here is the LDAP cert validation code.  I do not know if this belongs in
> the core distribution of OpenSSL or not, but if people think that is the
> place for it to go, feel free.  Otherwise I'll probably just put it up for
> download from one of Aventail's web servers and just have mod_ssl reference
> it as an external library.
>
> There is sample code for its use in openssl-glue.c - you pass in an `X509
> *' and an LDAP handle and it does the rest.
>
> So, a sample usage would be:
>
> #1) In your initialize code, get your LDAP config variables from wherever
>     you want to keep them, and do:
>
> static void __log_cert_message(int level,const char *msg);
>
> struct av_ldap_config cfg;
>
> memset(&cfg,'\0',sizeof(cfg));
>
> cfg.avlc_enabled = 1;
> cfg.avlc_timeout = 60;
> cfg.avlc_server = ldapHost; /* LDAP server to use */
> cfg.avlc_bind_dn = ldapDN;  /* DN to bind to the LDAP server as */
> cfg.avlc_bind_pwd = ldapPassword; /* password to use */
> cfg.avlc_base = ldapBase; /* Search base */
> cfg.avlc_mappings = ldapAttributes; /* Attribute mappings */
> cfg.avlc_cert_attr = ldapCertAttr; /* where user certs live */
> cfg.avlc_log_function = __log_cert_message; /* log message */
>
> #2) In your callback for cert validation, do:
>
> /* I only check the user certificate via LDAP - the roots are still done
> ** the old way.
> */
>
> if (!errdepth)
> {
>         if (ldap_verify_openssl_certificate(X509_STORE_CTX_get_current_cert(ctx),ldap_handle))
>         {
>                 ok = FALSE;
>         }
>         else
>         {
>                 ok = TRUE;
>         }
> }
>
> No makefile included.  Just needs ldap.h and the OpenSSL header files
> though.  This should work under windows and unix with no problems.
>
> -Bill P.
>
> <#part type="application/octet-stream" filename="/tmp/ldap-cert.tar.gz" disposition=attachment>
> <#/part>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

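An added example, not code from the thread or from the ldap-cert tarball: it models the depth-0 branch of the posted callback with stand-ins (no OpenSSL or LDAP linkage; `struct verify_ctx`, `directory_lookup` and the directory contents are constructed here). The point it shows is that the snippet above sets `ok` from the LDAP result alone, so a chain-verification failure on the leaf would be overridden; the hardened form keeps OpenSSL's verdict and treats the directory check as an extra gate.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-ins for the OpenSSL objects the posted callback touches (assumed,
 * not the real X509_STORE_CTX): chain depth of the certificate being
 * checked and an identifier that plays the role of the X509 *. */
struct verify_ctx {
    int error_depth;        /* 0 = the peer's own (user) certificate */
    const char *cert_id;    /* stands in for the X509 * */
};

/* Constructed directory of accepted user certificates, playing the role of
 * the per-user LDAP certificate attribute. */
static const char *const DIRECTORY_CERTS[] = { "alice", "bob" };

/* Stand-in for ldap_verify_openssl_certificate(): 0 = found, non-zero =
 * rejected, following the return convention the posted code relies on. */
int directory_lookup(const char *cert_id)
{
    for (size_t i = 0; i < sizeof DIRECTORY_CERTS / sizeof *DIRECTORY_CERTS; i++)
        if (strcmp(DIRECTORY_CERTS[i], cert_id) == 0)
            return 0;
    return 1;
}

/* Pattern from the post: at depth 0 the result is decided by the directory
 * lookup alone, so the incoming preverify_ok is not consulted there. */
int verify_cb_posted(int preverify_ok, const struct verify_ctx *ctx)
{
    if (ctx->error_depth == 0)
        return directory_lookup(ctx->cert_id) == 0 ? 1 : 0;
    return preverify_ok;
}

/* Hardened form: the directory check is an additional gate on top of
 * OpenSSL's own chain verification, never a replacement for it. */
int verify_cb_hardened(int preverify_ok, const struct verify_ctx *ctx)
{
    if (!preverify_ok)
        return 0;                               /* keep OpenSSL's verdict */
    if (ctx->error_depth == 0 && directory_lookup(ctx->cert_id) != 0)
        return 0;                               /* leaf not in directory */
    return 1;
}
```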