Date: Wed, 22 Aug 2007 12:40:22 +0200
it seems that with my first tests with ldaps and Novell SDK I saw the best ldaps support;
but now after I have really read a lot of mailing list and forum posts I can only 100% agree that ldaps is a real pain with all other SDKS, at least when you want to connect without trusted CA.
So the status of the ldaps support I introduced is currently:
- Fully working without CA cert on NetWare and Win32 build with Novell CLDAP SDK
- Probably working on Cygwin and Linux with OpenLDAP SDK (not checked yet if data is really encrypted, but it connects to 636 with current code)
- Probably working on Win32 with M$ LDAP SDK if a CA is stored in local key store
- Probably working on Win32 / Linux / Solaris build with Mozilla SDK if a cert7.db file is specified.
I've read at many many places exactly same error messages as I got;
also came over non-matching docs with the APIs, etc...
So what now needs to be tested further:
- does current code with OpenLDAP really encrypt? At least it connects now fine with ldaps.
- does current code work _with_ CA certs?
in order to test the last point its now needed that I get somehow the values of these switches into the ldap.c code which curl can set:
-k/--insecure Allow connections to SSL sites without certs (H)
--cert-type <type> Certificate file type (DER/PEM/ENG) (SSL)
--cacert <file> CA certificate to verify peer against (SSL)
--capath <directory> CA directory (made using c_rehash) to verify
peer against (SSL)
sorry, but due to all the reading/searching reagarding proper API usage I have not digged enough through curl/libcurl to find out how I can access these values.
Any help with that GREATLY welcome!
PS: I've not yet commited the modification needed for Mozilla LDAP SDK support.
Received on 2007-08-22