Thanks Howard, but the problem we found with that was that the cert is
dumped in what looks like DER format mixed in with lots of other
binary data. However, we also got nothing beyond doing -d 3.

On the off chance your version of ldap is newer and dumps the certs
nicely, what version of ldap have you got?

Thanks again,

John.


2009/6/4 Howard Chu <[email protected]>:
> John Carter wrote:
>>
>> Howard,
>>
>> I appreciate that currently the s_client code is plain-text, this
>> would have to change to support ASN.1.
>>
>> As you indicate "working" ldap once starttls done is hard/insane, but
>> as with all protocols that's the user's problem. Actually we are
>> primarily interested in seeing the certificate, rather than doing
>> anything useful with the connection.
>
> try "ldapsearch -ZZ -d7" ...
>
>> I'll see if anyone's interested.
>>
>> John.
>>
>> 2009/6/3 Howard Chu<[email protected]>:
>>>
>>> John Carter wrote:
>>>>
>>>> Hi,
>>>>
>>>> Currently the s_client command supports starttls for smtp, ftp etc.
>>>> We're wanting to do the same for ldap, something like:
>>>>
>>>> openssl s_client -connect 1.2.3.4:389 -starttls ldap
>>>>
>>>> We're willing to pay (around 200 USD) to have this feature added.
>>>>
>>>> Anyone interested?
>>>
>>> Just what do you expect s_client to be able to do once it's gotten this
>>> far?
>>> The s_client code only speaks plaintext; LDAP is ASN.1. You're not going
>>> to
>>> be able to type anything intelligible into s_client once it's done.
>>>
>>> And aside from that, the OpenLDAP libraries and tools already support
>>> StartTLS...
>>> --
>
> --
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
>