curl-library

Re: LDAPS support

From: Guenter Knauf <eflash_at_gmx.net>
Date: Fri, 24 Aug 2007 21:36:45 +0200

Hi all,
current status now:
based on the description found in cURL's ./docs/SSLCERTS I've used openssl to create a PEM CA cert for openldap.org which you can get from my site for testing:
http://www.gknw.net/test/curl/ldaps/openldap.pem
this CA was used for all tests below:

using Novell CLDAP SDK:
NetWare curl + PEM CA --> OpenLDAP.org LDAP server : works.
MingW32 curl + PEM CA --> OpenLDAP.org LDAP server : works.

using OpenLDAP:
MingW32 curl + PEM CA --> OpenLDAP.org LDAP server : works.
Cygwin curl + PEM CA --> OpenLDAP.org LDAP server : works.
Linux curl + PEM CA --> OpenLDAP.org LDAP server : works.

If someone wants to build MingW32 with OpenLDAP you can download an 'OpenLDAP SDK' I've copied together from the original OpenLDAP 2.2.29 + DLLs taken from:
http://www.gknw.net/test/openldap/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_devel.zip
and use these vars to tell the makefile what to build:
set LDAP_SDK=c:/projects/sdks/openldap-2.2.29
set USE_LDAP_OPENLDAP=1
set LDAPS=1

Attention: I found that MingW GCC 4.2.1 seems to have a problem with LDAP SDKs! The resulting binaries crash! Use MingW32 3.x for now!

The still-outstanding test is with the M$ LDAP stuff;
in order to test I'd suggest using a MingW32 build with LDAPS=1 (or set an env var);

since I don't have a Win32 AD controller, nor am I much familiar with the Win32 cert store stuff, I would really appreciate it if someone with more Win32 insight than me could check this.

here's a log of how it looks on Linux:
./src/curl -v --cacert ../openldap.pem ldaps://ldap.openldap.org/dc=openldap,dc=org
* About to connect() to ldap.openldap.org port 636 (#0)
* Trying 204.152.186.57... connected
* Connected to ldap.openldap.org (204.152.186.57) port 636 (#0)
* LDAP local: LDAP Vendor = OpenLDAP ; LDAP Version = 20227
* LDAP local: ldaps://ldap.openldap.org/dc=openldap,dc=org
* LDAP local: trying to establish encrypted connection
* LDAP local: using PEM CA cert: ../openldap.pem
DN: dc=OpenLDAP,dc=Org
        objectClass: top
        objectClass: organization
        objectClass: OpenLDAPorg
        objectClass: dcObject
        objectClass: domainRelatedObject

        dc: OpenLDAP

        displayName: OpenLDAP Project

        o: OpenLDAP Project
        o: OpenLDAP Foundation
        o: OpenLDAP

        l: Internet

        description: OpenLDAP - community developed software

        labeledURI: http://www.OpenLDAP.org/ The OpenLDAP Project
        labeledURI: mailto:info_at_OpenLDAP.org The OpenLDAP Project

        associatedDomain: OpenLDAP.org

* Closing connection #0

Guen.
Received on 2007-08-24