Howard,

I appreciate that currently the s_client code is plain-text; this
would have to change to support ASN.1.

As you indicate, "working" ldap once starttls is done is hard/insane, but
as with all protocols that's the user's problem. Actually we are
primarily interested in seeing the certificate, rather than doing
anything useful with the connection.

I'll see if anyone's interested.

John.

2009/6/3 Howard Chu <[email protected]>:
> John Carter wrote:
>>
>> Hi,
>>
>> Currently the s_client command supports starttls for smtp, ftp etc.
>> We're wanting to do the same for ldap, something like:
>>
>> openssl s_client -connect 1.2.3.4:389 -starttls ldap
>>
>> We're willing to pay (around 200 USD) to have this feature added.
>>
>> Anyone interested?
>
> Just what do you expect s_client to be able to do once it's gotten this far?
> The s_client code only speaks plaintext; LDAP is ASN.1. You're not going to
> be able to type anything intelligible into s_client once it's done.
>
> And aside from that, the OpenLDAP libraries and tools already support
> StartTLS...
> --
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
>