Copyright Digital Equipment Corp. All rights reserved.

SSL_Certificate_Options

   The following session-handle options are specific to SSL and can
   be set by the ldap_set_option() function:

   o  LDAP_OPT_TLS_CERT_REQUIRED (0x7001) void *

      Set to LDAP_OPT_ON if the client library requires a server
      certificate to be present the next time the ldap_tls_start()
      function is called. The default value is LDAP_OPT_OFF; a
      server certificate is not required.

   o  LDAP_OPT_TLS_VERIFY_REQUIRED (0x7002) void *

      Set to LDAP_OPT_ON if the client library requires that a
      server certificate path be validated the next time the
      ldap_tls_start() function is called. The default value is
      LDAP_OPT_OFF; the server certificate, if any, is not verified.

   o  LDAP_OPT_TLS_CERT_FILE (0x7003) char *

      Set to the name of a file containing the client's certificate
      for use by the ldap_tls_start() function.

   o  LDAP_OPT_TLS_PKEY_FILE (0x7004) char *

      Set to the name of a file containing the client's private key
      for use by the ldap_tls_start() function.

   o  LDAP_OPT_TLS_CA_FILE (0x7005) char *

      Set to the name of a file containing CA public keys used for
      validation of the server by the ldap_tls_start() function.

   o  LDAP_OPT_TLS_CA_PATH (0x7006) char *

      Set to the name of a directory on disk containing CA public
      key files used for validation of the server by the
      ldap_tls_start() function.

   o  LDAP_OPT_TLS_VERSION (0x7007) int *

      Set to the desired SSL protocol version. This option takes one
      of the following values:

          1: TLSv1 only
         20: SSLv2 only
         23: SSLv2 or SSLv3
         30: SSLv3 only (default)
         31: TLSv1 only

   If LDAP_OPT_TLS_VERIFY_REQUIRED is set to ON, either the
   LDAP_OPT_TLS_CA_FILE or the LDAP_OPT_TLS_CA_PATH option must be set.

   If client authentication is required, both LDAP_OPT_TLS_CERT_FILE
   and LDAP_OPT_TLS_PKEY_FILE must be set.
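
   An added example, not part of the original help text or the LDAP
   library: a self-contained C pre-flight check that applies the two
   rules above and flags the permissive defaults (no certificate
   required, no verification, SSLv3) before the settings are handed to
   ldap_set_option(). The struct tls_plan type, the PLAN_* flags and
   the function names are hypothetical.

```c
#include <stddef.h>

/* Hypothetical mirror of the values an application intends to pass to
   ldap_set_option(); this is not a structure from the LDAP library. */
struct tls_plan {
    int cert_required;                  /* LDAP_OPT_TLS_CERT_REQUIRED, 1 = ON */
    int verify_required;                /* LDAP_OPT_TLS_VERIFY_REQUIRED, 1 = ON */
    const char *cert_file, *pkey_file;  /* client certificate and private key */
    const char *ca_file, *ca_path;      /* CA material for server validation */
    int version;                        /* LDAP_OPT_TLS_VERSION: 1, 20, 23, 30, 31 */
};

enum {
    PLAN_NO_SERVER_CERT = 1 << 0,  /* server certificate not required */
    PLAN_NO_VERIFY      = 1 << 1,  /* certificate path not validated */
    PLAN_NO_CA          = 1 << 2,  /* verification on, but no CA file or path */
    PLAN_HALF_CLIENT_ID = 1 << 3,  /* only one of cert file / key file is set */
    PLAN_LEGACY_SSL     = 1 << 4,  /* version value permits SSLv2 or SSLv3 */
    PLAN_BAD_VERSION    = 1 << 5   /* value is not in the documented list */
};

static int is_set(const char *s) { return s != NULL && s[0] != '\0'; }

/* Returns a bitmask of findings; 0 means the plan satisfies the documented
   rules and does not rely on the permissive defaults. */
int tls_plan_check(const struct tls_plan *p)
{
    int f = 0;
    if (!p->cert_required)   f |= PLAN_NO_SERVER_CERT;
    if (!p->verify_required) f |= PLAN_NO_VERIFY;
    if (p->verify_required && !is_set(p->ca_file) && !is_set(p->ca_path))
        f |= PLAN_NO_CA;
    if (is_set(p->cert_file) != is_set(p->pkey_file))
        f |= PLAN_HALF_CLIENT_ID;
    switch (p->version) {
    case 1: case 31: break;                          /* TLSv1 only */
    case 20: case 23: case 30: f |= PLAN_LEGACY_SSL; break;
    default: f |= PLAN_BAD_VERSION;
    }
    return f;
}

/* The documented defaults: both checks OFF, no files, version 30 (SSLv3). */
struct tls_plan tls_plan_defaults(void)
{
    struct tls_plan p = { 0, 0, NULL, NULL, NULL, NULL, 30 };
    return p;
}
```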