curl-library

RE: LDAP

From: Guenter Knauf <eflash_at_gmx.net>
Date: Thu, 16 Aug 2007 17:19:17 +0200

Hi Daniel,
> Please do!
Done!

I read a lot yesterday on the M$ site, and found a basic ldaps sample there which fails exactly the same way as my cURL implementation:
1. it seems that XP and W2K behave differently;
2. the CA _must_ be imported to the local cert store;
I've not yet found a way to disable cert verification as is possible with OpenLDAP....
It seems possible, though, to specify a callback routine which does the cert verification, which can then eliminate the need for the cert being in the keystore.
So what I've just now committed to libcurl _might_ already work on W2K (not XP!) if a valid CA is in the local keystore (no self-signed CAs!) -- Win2K testers please test!
MSDN articles which might be related:
http://support.microsoft.com/default.aspx?scid=kb;en-us;247078
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051
MSDN basic sample ldaps code:
http://msdn2.microsoft.com/en-us/library/aa366105.aspx

ok, all this crap makes me think to recommend that those who need ldaps on Win32 should either use the Novell CLDAP SDK, or an OpenLDAP port for Win32.

ok, what I would need to know is:
how can I access the --insecure (CURLOPT_SSL_VERIFYHOST ?) flag from within ldap.c?
Is this a member of the conn or data struct? and same for the CURLOPT_CAINFO ....

thanks, Guen.
Received on 2007-08-16