cURL / Mailing Lists / curl-library / Single Mail



From: Guenter Knauf <>
Date: Thu, 16 Aug 2007 17:19:17 +0200

Hi Daniel,
> Please do!

I've read a lot yesterday on the M$ site, and got there a basic ldaps sample which fails exactly the same as my cURL implementation;
1. it seems that XP and W2K behave different;
2. the CA _must_ be imported to the local cert store;
I've not found yet a way to disable cert verification as it is possible with OpenLDAP....
It seems though possible to specify a callback routine which does the cert verification which can then eleminate the need for the cert beeing in the keystore.
So what I've just now commited to libcurl _might_ already work on W2K (not XP!) if a valid CA is in the local keystore (no self-signed CAs!) -- Win2K testers please test!
MSDN articles which might be related:;en-us;247078;en-us;321051
MSDN basic sample ldaps code:

ok, all this crap makes me think to recommend that those who need ldaps on Win32 should either use the Novell CLDAP SDK, or an OpenLDAP port for Win32.

ok, what I would need to know is:
how can I access the --insecure (CURLOPT_SSL_VERIFYHOST ?) flag from within ldap.c?
Is this a member of the conn or data struct? and same for the CURLOPT_CAINFO ....

thanks, Guen.
Received on 2007-08-16