Re: LDAPS support
Date: Thu, 23 Aug 2007 15:33:16 +0200
> BTW, I've now verified that this is truly using SSL for the transfer.
ok, my friend reported same, so this should work so far....
now committed next round: support for certs.
As usual with SSL I've now made secure mode default;
means for testing without CA you need now the -k/--insecure switch.
Then I've tested a bit with the Novell LDAP SDK and CA;
I've converted the Novell-provided DER to PEM:
openssl x509 -in cacert.der -inform DER -outform PEM > cacert.pem
NetWare curl + DER CA --> NetWare LDAP server : works.
NetWare curl + PEM CA --> NetWare LDAP server : works.
Win32 curl + DER CA --> NetWare LDAP server : works.
Win32 curl + PEM CA --> NetWare LDAP server : works.
Then I've tested a Cygwin OpenLDAP build:
Cygwin curl -k --> NetWare LDAP server : works.
Cygwin curl + PEM CA --> NetWare LDAP server : DOES NOT WORK!
I used the same PEM cert which I successfully used with the Novell CLDAP SDK,
and at the moment I'm clueless why OpenLDAP doesn't work with that CA cert.
Another outstanding test is with the M$ LDAP stuff;
in order to test I'd suggest to use a MingW32 build with LDAPS=1 (or set an env var);
since I don't have a Win32 AD controller, nor am I much familiar with the Win32 cert store stuff, I would really appreciate it if someone with more Win32 insight than me could check this.
Received on 2007-08-23