Use CURLOPT_SSL_CTX_FUNCTION for LDAPS connections #4108
Comments
|
I think this situation could and should be documented (more) clearly. If we can make the option supported for LDAP as as well in the same style as the other protocols then that is certainly an enhancement that seems to be totally in place. |
|
I tested it again on Linux, and the CURLOPT_SSL_CTX_FUNCTION and CURLOPT_SSL_CTX_DATA works, I misunderstood something, I guess. I also made it works on Windows with WIN32_LDAP, but it requires a little change in ldap.c. diff --git a/lib/ldap.c b/lib/ldap.c
#ifdef USE_WIN32_LDAP |
|
Can you please submit your proposed change as a pull-request? |
permits management of custom certificates for LDAPs connections for issue curl#4108
I did this
Hello,
I'm using libcurl to manage HTTP(S), IMAP(S), POP(S), SMTP(S) and LDAP(S) connections.
I'm using CURLOPT_SSL_CTX_FUNCTION and CURLOPT_SSL_CTX_DATA to initialize the list of trusted certificates for SSL. I manage myself the certificates and permits to the user to accept them with in-memory certificates.
It works perfectly for HTTP and Mails, but it has no effect for LDAPS connections.
It seems that only certificate files can be used.
I saw in ldap.c that on Windows, openldap is not used, so I tried on Linux to be sure, but only few parameters like cafile and verifypeer are used.
I expected the following
I think CURLOPT_SSL_CTX_FUNCTION (fsslctx) could defines LDAP_OPT_X_TLS_CONNECT_CB
and CURLOPT_SSL_CTX_DATA (fsslctxp) could defines LDAP_OPT_X_TLS_CONNECT_ARG.
Thanks in advance.
curl/libcurl version
7.65.1
operating system
Linux (but if we could compile libcurl against openldap instead of WIN32_LDAP on Windows, it would be great too)
The text was updated successfully, but these errors were encountered: