Victor wrote:

Yes, the new code works for me, but I didn't pass any test included in the APR project (if they exist). I simply compiled the new code and tested the connection, not only with ldaps but also with simple ldap. I also tracked the TCP packets with Wireshark and checked that the SSL handshake was made with ldaps and that no plain-text password was sent over the wire.

I just committed the change - can you confirm for me that what is committed (to apr-util trunk) works properly? If so, I'll backport it to v1.2 as well.

I tested the result on Windows XP and Windows 2000 Server (different wldap32.dll versions), but I think more intensive testing is needed. The user that launches the Apache service and/or the Windows certificate store where we must put the CA certificate are important (intrinsics of this API).

So far the word is that the Windows LDAP API requires that CA certificates and keys be set in the registry, but I don't know of any docs that describe how this might be done.

Do you know if this is documented anywhere?

Regards,
Graham
--
