LDAP certificate check - how?

Discussion in 'C++' started by Torsten Mueller, Apr 28, 2014.

  1. I know this topic is special and not many people have to face this. But
    I have to.

    I connect to an Active Directory server using LDAP (Wldap32.dll,
    functions in Winldap.h) to request and modify some data.

    The connection (SSL) allows certificate checks, one for the server's and
    one for the client's certificate. I would at least implement the check of
    the server's certificate. In LDAP there's a callback function which is
    indeed called when I open the connection:

    BOOLEAN _cdecl VerifyServerCert(PLDAP Connection, PCCERT_CONTEXT* ppServerCert)
    {
        // ...
        return TRUE; // don't check, just accept the server certificate
    }

    But I have no idea where to begin with this. How should I start to
    interpret this PCCERT_CONTEXT struct list? Could anyone give me a short
    introduction into this?

    Note: I don't want to use any additional library like OpenSSL for that.

    T.M.
     
    Torsten Mueller, Apr 28, 2014
    #1

  2. Torsten Mueller

    Öö Tiib Guest

    Take the certificate validation code of Google Chrome as a source of ideas
    for how to code it.

    https://chromium.googlesource.com/chromium/src/net/+/master/cert/cert_verify_proc_win.cc

    Short enough introduction ... under 1000 lines. ;)

    For a longer story ... perhaps read section 6.1 from those documents:
    http://tools.ietf.org/html/rfc3280#section-6.1
    http://tools.ietf.org/html/rfc5280#section-6.1
     
    Öö Tiib, Apr 28, 2014
    #2
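
An added example, not code from either poster: one way to fill in the VerifyServerCert callback from the question using only CryptoAPI (Crypt32), building the chain with CertGetCertificateChain and applying the SSL policy with CertVerifyCertificateChainPolicy. The helper ChainIsTrusted and the host name in kServerName are assumptions made for this sketch; the Windows part is guarded so the decision logic also compiles elsewhere.

```cpp
#include <cstdint>

// Fail-closed decision used by the callback: each step must have run AND
// reported zero errors. CertVerifyCertificateChainPolicy returning TRUE only
// means the check ran; the verdict is in CERT_CHAIN_POLICY_STATUS::dwError.
bool ChainIsTrusted(bool chainBuilt, std::uint32_t trustErrors,
                    bool policyRan, std::uint32_t policyError) {
    return chainBuilt && trustErrors == 0 && policyRan && policyError == 0;
}

#ifdef _WIN32
#include <windows.h>
#include <winldap.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")

// Assumption: the host name the application used when opening the connection.
static wchar_t kServerName[] = L"dc01.example.com";

BOOLEAN _cdecl VerifyServerCert(PLDAP /*Connection*/, PCCERT_CONTEXT* ppServerCert) {
    PCCERT_CONTEXT cert = *ppServerCert;

    // 1. Build a chain to a trusted root; the certificate's own store is searched
    //    for intermediates. Flags 0 = no revocation check (add
    //    CERT_CHAIN_REVOCATION_CHECK_* flags if your policy requires it).
    CERT_CHAIN_PARA chainPara = {};
    chainPara.cbSize = sizeof(chainPara);
    PCCERT_CHAIN_CONTEXT chain = nullptr;
    BOOL built = CertGetCertificateChain(nullptr, cert, nullptr, cert->hCertStore,
                                         &chainPara, 0, nullptr, &chain);

    // 2. Apply the SSL policy, which also matches the certificate to the host name.
    SSL_EXTRA_CERT_CHAIN_POLICY_PARA ssl = {};
    ssl.cbSize = sizeof(ssl);
    ssl.dwAuthType = AUTHTYPE_SERVER;
    ssl.pwszServerName = kServerName;
    CERT_CHAIN_POLICY_PARA policyPara = {};
    policyPara.cbSize = sizeof(policyPara);
    policyPara.pvExtraPolicyPara = &ssl;
    CERT_CHAIN_POLICY_STATUS status = {};
    status.cbSize = sizeof(status);
    BOOL ran = built && CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, chain,
                                                         &policyPara, &status);

    bool ok = ChainIsTrusted(built != FALSE, built ? chain->TrustStatus.dwErrorStatus : ~0u,
                             ran != FALSE, status.dwError);
    if (chain) CertFreeCertificateChain(chain);
    CertFreeCertificateContext(cert);  // the VERIFYSERVERCERT documentation asks for this
    return ok ? TRUE : FALSE;
}
#endif
```

On failure, status.dwError carries the reason (for example CERT_E_CN_NO_MATCH or CERT_E_UNTRUSTEDROOT), which is worth logging before returning FALSE.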

  3. Torsten Mueller, Apr 28, 2014
    #3