LDAP certificate check - how?

T

Torsten Mueller

I know this topic is special and not many people have to face this. But
I have to.

I connect to an Active Directory server using LDAP (Wldap32.dll,
functions in Winldap.h) to request and modify some data.

The connection (SSL) allows certificate checks, one for the server's and
one for the client's certificate. I would a least implement the check of
the server's certificate. In LDAP there's a callback function which is
indeed called when I open the connection:

BOOLEAN _cdecl VerifyServerCert(PLDAP Connection, PCCERT_CONTEXT* ppServerCert)
{
// ...
return TRUE; // don't check, just accept the server certificate
}

But I have no idea where to begin with this. How should I start to
interpret this PCCERT_CONTEXT struct list? Could anyone give me a short
introduction into this?

Note: I don't want to use any additional library like OpenSSL for that.

T.M.
 
Ö

Öö Tiib

I know this topic is special and not many people have to face this. But
I have to.

I connect to an Active Directory server using LDAP (Wldap32.dll,
functions in Winldap.h) to request and modify some data.

The connection (SSL) allows certificate checks, one for the server's and
one for the client's certificate. I would a least implement the check of
the server's certificate. In LDAP there's a callback function which is
indeed called when I open the connection:

BOOLEAN _cdecl VerifyServerCert(PLDAP Connection, PCCERT_CONTEXT* ppServerCert)
{
// ...
return TRUE; // don't check, just accept the server certificate
}

But I have no idea where to begin with this. How should I start to
interpret this PCCERT_CONTEXT struct list? Could anyone give me a short
introduction into this?

Note: I don't want to use any additional library like OpenSSL for that.
Click to expand...

Take certificate validation code of google chrome for source of ideas how
to code it.

https://chromium.googlesource.com/chromium/src/net/+/master/cert/cert_verify_proc_win.cc

Short enough introduction ... under 1000 lines. ;)

For longer story ... perhaps read section 6.1 from those documents:
http://tools.ietf.org/html/rfc3280#section-6.1
http://tools.ietf.org/html/rfc5280#section-6.1
 
F

Frank Offermanns

Joined
Jan 29, 2019
Messages
1
Reaction score
0
I have exactly the same task. Could you post your implementation of:
BOOLEAN _cdecl VerifyServerCert(PLDAP Connection, PCCERT_CONTEXT* ppServerCert) please?

Thanks,
Frank
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

connecting problem in vb.net with ldap to active directory 1
certificate verify failed 7
Digital Signature field form in PDF generated document from HTML 5
SSL Client Certificate error on Mac OS X 10.6.4 4
Server certificate validation on client side 0
Certificate validation 1
HTTPClient Suddenly Fails - Cannot Verify Certificate File 3
Error using httlib's HTTPSConnection with PKCS#12 certificate 0

Members online

Total: 39 (members: 2, guests: 37)
Robots: 467

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,014
Latest member
BiancaFix3

Latest Threads

Top