What you are asking for does not make sense. The point of the client cert is to 
establish the identity of the client. If the server bootstraps this, ANY client 
can connect and receive the identity.

Now, what you MAY want to do is authenticate via a different mechanism (say 
account and password on a secure web server), and have it push the client cert 
to you.


-----Original Message-----
From: owner-openssl-us...@openssl.org on behalf of Bryan Boone
Sent: Mon 7/26/2010 12:55 PM
To: openssl-users@openssl.org
Subject: Simple question about SSL certs
 
Hi everyone, I am a noob when it comes to SSL and I have an easy question but I 
don't have the time to look up the answer myself.

I am trying to write an LDAP client.  I need this client to use SSL as well.  I 
am using the openldap server and C libraries.  Here is what the openldap web 
page says...

OpenLDAP clients and servers are capable of using the Transport Layer Security 
(TLS) framework to provide integrity and confidentiality protections and to 
support LDAP authentication using the SASL EXTERNAL mechanism. TLS is defined 
in RFC4346.
 
I would like to write an LDAP client so that when a user connects to an LDAP 
server with SSL, the client cert is automatically downloaded to the client.  
Then a prompt asks the client to accept or reject the cert.  Is this possible 
when using the OpenSSL C libraries?
 
thanks


      
