Thanks Quanah. Using OpenLDAP API, is it correct to set client TLS option to -not- validate server certificates as follows?
int opt; opt = LDAP_OPT_X_TLS_NEVER; rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt); Daniel -----Original Message----- From: Quanah Gibson-Mount [mailto:qua...@symas.com] Sent: Friday, June 23, 2017 5:13 PM To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org> Subject: RE: Using TLS --On Friday, June 23, 2017 10:08 PM +0000 Daniel Le <daniel...@exfo.com> wrote: > Hi Quanah, > > No, I'm fairly new to OpenLDAP and wasn't aware of such global context > requirement. > > Does that only apply to client TLS options? > > Is global option set by passing a NULL LDAP handle? > > I found ITS#8573 wrt your TLS patch, but the URL: > <http://www.openldap.org/lists/openldap-devel/attachments/20170608/2ae > 39d 03/attachment.bin> is not found. Can you point me to where to > download or see the patch? Has it been integrated into 2.4.45? Hi Daniel, You can view it here: <https://github.com/quanah/openldap-scratch/commit/cff66313706c607d4df6f074255703da8d87b35a.patch> and no, it would be part of 2.5 once submitted, although it applies just fine for me to 2.4 --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>