curl-library

Re: LDAPS support

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 22 Aug 2007 23:03:46 +0200 (CEST)

On Wed, 22 Aug 2007, Guenter Knauf wrote:

> - Probably working on Cygwin and Linux with OpenLDAP SDK (not checked yet if
> data is really encrypted, but it connects to 636 with current code)

I use Debian Linux and I have the libldap2-dev package (OpenLDAP development
libraries) installed, but it doesn't seem to have ldap_ssl.h etc so I don't
get ldaps enabled...

Have you built/tried ldaps on Linux? If so, what did you use/install for that?

> - does current code with OpenLDAP really encrypt? At least it connects now
> fine with ldaps.

Should be easily verified by running wireshark or similar while doing a fetch.

> in order to test the last point it's now needed that I get somehow the values
> of these switches into the ldap.c code which curl can set:
>
> -k/--insecure Allow connections to SSL sites without certs (H)

data->set.ssl.verifypeer and data->set.ssl.verifyhost

> --cert-type <type> Certificate file type (DER/PEM/ENG) (SSL)

data->set.str[STRING_CERT_TYPE]

> --cacert <file> CA certificate to verify peer against (SSL)

data->set.str[STRING_SSL_CAFILE]

> --capath <directory> CA directory (made using c_rehash) to verify
> peer against (SSL)

data->set.str[STRING_SSL_CAPATH]

> sorry, but due to all the reading/searching regarding proper API usage I
> have not dug enough through curl/libcurl to find out how I can access
> these values.
>
> Any help with that GREATLY welcome!

I've filled in the libcurl way of accessing the info.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-08-22
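
The wire check suggested in the mail above (capture the connection to port 636 and see whether the data is encrypted), as an added example that is not part of the original mail or of curl: it classifies the first bytes a client sends as a TLS ClientHello or as a cleartext LDAP message. The function names and the two sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum stream_kind { STREAM_UNKNOWN, STREAM_TLS, STREAM_PLAIN_LDAP };

/* Constructed samples: start of a TLS 1.0 ClientHello record, and a complete
   anonymous simple BindRequest (messageID 1, LDAP version 3). */
static const unsigned char SAMPLE_TLS[] =
  { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b, 0x03, 0x01 };
static const unsigned char SAMPLE_LDAP[] =
  { 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07,
    0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 };

/* TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
   followed by handshake type 0x01 (ClientHello). */
static int is_tls_client_hello(const unsigned char *b, size_t n)
{
  return n >= 6 && b[0] == 0x16 && b[1] == 0x03 && b[2] <= 0x04 && b[5] == 0x01;
}

/* Cleartext LDAPMessage: BER SEQUENCE (0x30), length, messageID INTEGER (0x02),
   then a protocolOp carrying an APPLICATION-class tag (0x60 is BindRequest). */
static int is_plain_ldap(const unsigned char *b, size_t n)
{
  size_t i = 1;
  if(n < 2 || b[0] != 0x30)
    return 0;
  if(b[i] & 0x80)                    /* long-form length: skip its octets */
    i += (size_t)(b[i] & 0x7f);
  i++;                               /* now at the messageID tag */
  if(i + 1 >= n || b[i] != 0x02 || b[i + 1] == 0 || b[i + 1] > 4)
    return 0;
  i += 2 + (size_t)b[i + 1];         /* skip the messageID tag, length, value */
  return i < n && (b[i] & 0xC0) == 0x40;
}

enum stream_kind classify_first_bytes(const unsigned char *b, size_t n)
{
  if(is_tls_client_hello(b, n)) return STREAM_TLS;
  if(is_plain_ldap(b, n)) return STREAM_PLAIN_LDAP;
  return STREAM_UNKNOWN;             /* truncated capture or another protocol */
}

int main(void)
{
  static const char *names[] = { "unknown", "TLS", "cleartext LDAP" };
  printf("sample 1: %s\n", names[classify_first_bytes(SAMPLE_TLS, sizeof SAMPLE_TLS)]);
  printf("sample 2: %s\n", names[classify_first_bytes(SAMPLE_LDAP, sizeof SAMPLE_LDAP)]);
  return 0;
}
```

A "cleartext LDAP" result for a connection to port 636 means the bind, including any password in it, crossed the network unencrypted.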