[email protected] wrote: >Kurt Zeilenga wrote: >> Why not just get it from TLS?
That does require an #ifdef <which TLS implementation> mess in the client. libldap already has that. > What exactly do you mean? In OpenSSL, SSL_get_peer_certificate(). I note that it might also or instead make sense to ask for the cert chain - OpenSSL SSL_get_peer_cert_chain(). Which quickly dives into how many other TLS session attributes it would make sense to kindly provide an LDAP API interface to... Hallvard
