Thanks, that helps it's now working.
Don
On Sunday, September 10, 2017, 2:51:15 PM MDT, Quanah Gibson-Mount
wrote:
--On Sunday, September 10, 2017 2:25 PM +0200 Michael Ströder
wrote:
> I thought you have to set LDAP_OPT_X_TLS_NEWCTX to 0
--On Sunday, September 10, 2017 2:25 PM +0200 Michael Ströder
wrote:
I thought you have to set LDAP_OPT_X_TLS_NEWCTX to 0 *after* setting all
TLS-related options to let libldap reinitialize the client's SSL context.
Doesn't that work as expected?
Well, my point was, he's
Quanah Gibson-Mount wrote:
--On Friday, September 08, 2017 6:48 PM + Don jessup
wrote:
int reqcert = LDAP_OPT_X_TLS_NEVER;
ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, );
Is there way to make this work programmatically without using
the ldap.conf?
Yes. The
--On Friday, September 08, 2017 6:48 PM + Don jessup
wrote:
int reqcert = LDAP_OPT_X_TLS_NEVER;
ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, );
Is there way to make this work programmatically without using the
ldap.conf?
Yes. The problem is the TLS options
--On Friday, July 07, 2017 4:29 PM + Daniel Le
wrote:
Right, ldap_set_option doesn't take string input argument. I implied an
integer value such as LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_ALLOW, etc.
I have no doubt it works nicely in your case. Just trying to understand
Gibson-Mount [mailto:qua...@symas.com]
Sent: Friday, July 07, 2017 11:20 AM
To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org'
<openldap-technical@openldap.org>
Subject: RE: Using TLS
--On Friday, July 07, 2017 4:05 PM + Daniel Le <daniel...@exfo.com>
wrote:
--On Friday, July 07, 2017 4:05 PM + Daniel Le
wrote:
Hi Quanah,
I tried ldap_int_tls_config for RE24 in my app program as shown below and
it didn't work.
Interesting. ;/ I wonder if there's something more in what you're doing
outside of that code snippet that's
VL, g_eldap_log_id, "LDAP global context
reinitialized\n");
}
}
Daniel
-Original Message-
From: Quanah Gibson-Mount [mailto:qua...@symas.com]
Sent: Monday, June 26, 2017 12:36 PM
To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org'
<openldap-techni
--On Monday, June 26, 2017 4:59 PM + Daniel Le
wrote:
int opt;
opt = LDAP_OPT_X_TLS_NEVER;
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, );
-And-
int new_ctx = 0;
ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, _ctx);
Hi Daniel,
This case is specifically tested in
com]
Sent: Friday, June 23, 2017 5:54 PM
To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org'
<openldap-technical@openldap.org>
Subject: RE: Using TLS
--On Friday, June 23, 2017 10:31 PM + Daniel Le <daniel...@exfo.com>
wrote:
> Thanks Quanah.
>
> Usi
--On Friday, June 23, 2017 10:31 PM + Daniel Le
wrote:
Thanks Quanah.
Using OpenLDAP API, is it correct to set client TLS option to -not-
validate server certificates as follows?
int opt;
opt = LDAP_OPT_X_TLS_NEVER;
rc = ldap_set_option(NULL,
...@symas.com]
Sent: Friday, June 23, 2017 5:13 PM
To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org'
<openldap-technical@openldap.org>
Subject: RE: Using TLS
--On Friday, June 23, 2017 10:08 PM + Daniel Le <daniel...@exfo.com>
wrote:
> Hi Quanah,
&
--On Friday, June 23, 2017 10:08 PM + Daniel Le
wrote:
Hi Quanah,
No, I'm fairly new to OpenLDAP and wasn't aware of such global context
requirement.
Does that only apply to client TLS options?
Is global option set by passing a NULL LDAP handle?
I found ITS#8573
lt;daniel...@exfo.com>; 'openldap-technical@openldap.org'
<openldap-technical@openldap.org>
Subject: RE: Using TLS
Hi Daniel,
You are aware that you must use the global context when changing the TLS
options for a client, correct? It does not work on the specific filehandle.
Daniel
-Original Message-
From: Daniel Le
Sent: Monday, June 19, 2017 3:58 PM
To: 'Paulm' <pa...@tetrardus.net>
Cc: openldap-technical@openldap.org
Subject: RE: Using TLS
I rebuilt with libssl (an OpenSSL library which supports SSL and TLS) and
that worked. Thanks.
However, I got into the c
To: 'Paulm' <pa...@tetrardus.net>
Cc: openldap-technical@openldap.org
Subject: RE: Using TLS
I rebuilt with libssl (an OpenSSL library which supports SSL and TLS) and that
worked. Thanks.
However, I got into the connect error "14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certifi
I rebuilt with libssl (an OpenSSL library which supports SSL and TLS) and that
worked. Thanks.
However, I got into the connect error "14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed
certificate)", even though the LDAP_OPT_X_TLS_REQUIRE_CERT option is
On Fri, Jun 16, 2017 at 03:26:20PM +, Daniel Le wrote:
>Hi,
>
>
>I'm seeing some critical error which causes the application program to
>exit/terminate when ldap_start_tls_s(LDAP-handle, NULL, NULL) is
>called. Tracing the code execution, ldap_start_tls_s =>
>
--On Tuesday, February 09, 2016 02:15:25 PM +0100 Michael Ströder
wrote:
Bill MacAllister wrote:
I am working on using TLS on an OpenLDAP server and having issues.
Basically I can make a TLS connection, but I don't see EXTERNAL as
one of the supportedSASLMechanisms.
Bill MacAllister wrote:
> I am working on using TLS on an OpenLDAP server and having issues.
> Basically I can make a TLS connection, but I don't see EXTERNAL as
> one of the supportedSASLMechanisms. (slapd 2.4.41+dfsg-1ubuntu2~dbp0
> built with openssl)
You have to use TLS client certificate.
20 matches
Mail list logo