On Sun, Mar 23, 2008 at 6:36 PM, Graham Leggett <minfrin@sharp.fm> wrote:

Can you confirm that it works for you? It seems a straightforward change.

Yes, the new code works for me, but I didn't pass any test included in the APR project (if they exist). I simply compiled the new code, and tested the connection, not only with ldaps, but also with simple ldap. I also track the TCP packets with WireShark and checked that SSL handshake was made with ldaps and no plain text password was sent over the wire.

I tested the result in Windows XP and Windows 2000 Server (different wldap32.dll versions), but I think more intensive testing is needed. It is important the user that launches the Apache service and/or the Windows certificate store where we must put the CA certificate (intrinsics of this API).