John Carter wrote:
> Howard,
>
> I appreciate that currently the s_client code is plain-text, this
> would have to change to support ASN.1.
>
> As you indicate "working" ldap once starttls done is hard/insane, but
> as with all protocols that's the user's problem. Actually we are
> primarily interested in seeing the certificate, rather than doing
> anything useful with the connection.

try "ldapsearch -ZZ -d7" ...

> I'll see if anyone's interested.
>
> John.
>
> 2009/6/3 Howard Chu<[email protected]>:
>> John Carter wrote:
>>> Hi,
>>>
>>> Currently the s_client command supports starttls for smtp, ftp etc.
>>> We're wanting to do the same for ldap, something like:
>>>
>>> openssl s_client -connect 1.2.3.4:389 -starttls ldap
>>>
>>> We're willing to pay (around 200 USD) to have this feature added.
>>> Anyone interested?
>>
>> Just what do you expect s_client to be able to do once it's gotten this far?
>> The s_client code only speaks plaintext; LDAP is ASN.1. You're not going to
>> be able to type anything intelligible into s_client once it's done.
>>
>> And aside from that, the OpenLDAP libraries and tools already support
>> StartTLS...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
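
The exchange this thread is about, as an added example that is not part of any message above and is not OpenSSL or OpenLDAP code: the one BER-encoded LDAPMessage a client must send before TLS can start on port 389, the check of the server's ExtendedResponse, and the handshake that yields the certificate. All function names and the sample reply are constructed for illustration; the message layout and the StartTLS OID follow RFC 4511.

```python
import socket, ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")  # constructed success reply

def tlv(tag, content):
    """Encode one BER element; short-form length only (content under 128 bytes)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length octets that follow
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad BER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def starttls_result(reply, msg_id=1):
    """Return the resultCode of an ExtendedResponse; 0 (success) means TLS may begin."""
    tag, msg, _ = read_tlv(reply)
    mtag, mid, pos = read_tlv(msg)
    otag, op, _ = read_tlv(msg, pos)  # 0x78 = [APPLICATION 24] ExtendedResponse
    ctag, code, _ = read_tlv(op)      # 0x0A = ENUMERATED resultCode
    if (tag, mtag, otag, ctag) != (0x30, 0x02, 0x78, 0x0A) or int.from_bytes(mid, "big") != msg_id:
        raise ValueError("not the ExtendedResponse to this StartTLS request")
    return int.from_bytes(code, "big")

def fetch_cert_pem(host, port=389):
    """StartTLS on the LDAP port, then return the server certificate as PEM."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: the certificate is shown,
    ctx.verify_mode = ssl.CERT_NONE  # not trusted, so no LDAP data is sent over it
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(starttls_request())
        if (code := starttls_result(sock.recv(4096))) != 0:  # assumes reply fits one read
            raise RuntimeError(f"server refused StartTLS, resultCode={code}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
```

`starttls_result(SAMPLE_OK)` exercises the parser offline; `fetch_cert_pem` needs a reachable LDAP server and returns its certificate without validating it.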