inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0
220 stars 38 forks

Rustls and custom CA #108

Closed git-noise closed 1 year ago

git-noise commented 1 year ago

Hello,

I was wondering if someone had any snippet of a working TLS example with rustls and a custom CA. I tried to add the CA to the OS certificate trust-store as well as something like the following:

LdapConnSettings::new().set_config(client_tls_conf)

With client_tls_conf being a rustls::client::ClientConfig that loads the CA-pem file.

In both cases I am facing an `invalid peer certificate: BadEncoding` issue on an otherwise seemingly valid TLS configuration, at least according to OpenSSL, curl, or ldap-utils.

Many thanks, Best

git-noise commented 1 year ago

Actually, the BadEncoding error has been recently referenced in rustls and potentially stems from a certificate having multiple SANs. It seems building a `rustls::client::ClientConfig` and using it via `LdapConnSettings::new().set_config()` is the way to go.